[guardian-dev] Fwd: [liberationtech] The missing component: Mobile to Web interoperability (in Internet Freedom Technologies)

[Lee Azzarello]

We have a federated telephony system and there is a draft to
standardize ZRTP for key agreement in WebRTC. So that's going well.

-lee

On Sat, Sep 14, 2013 at 9:05 AM, Nathan of Guardian
<nathan at guardianproject.info> wrote:
>
>
> ________________________________
> From: "Fabio Pietrosanti (naif)" <lists at infosecurity.ch>
> Sent: Sat Sep 14 06:03:19 EDT 2013
> To: liberationtech <liberationtech at lists.stanford.edu>
> Subject: [liberationtech] The missing component: Mobile to Web
> interoperability (in Internet Freedom Technologies)
>
> Hi all,
>
> i would like to notice that in those "internet freedom space" there's a
> missing component in the communication security landscape, that's the
> ability to interoperate between "Web" and "Mobile" for communication
> security technologies.
>
> The user have only those two platform, a browser and a mobile phone with
> downloadable apps.
> Everything else requiring to install an application over a desktop computer
> is IMHO destinated to be a total failure.
>
> So, if that's a valid assumption, we need focus on having "internet freedom
> technologies" working on a web browser and as mobile phone apps, being
> interoperable among them
>
> Everything else is IMHO a waste of time and money.
>
> Let me identify 3 major area where those kind of stuff should apply:
>
> Realtime Instant Messaging:
> Web Browsers support, trough CryptoCat, realtime instant messaging with OTR
> Mobile Client support, trough Gibberbot, ChatSecure, TextSecure realtime
> instant messaging with OTR
>
> The GAP is: The technologies are not "interoperating by default" but they
> could and should do it, by default.
>
> Voice:
> Web Browsers now speak WebRTC with DTLS-SRTP encrypted communications.
> Mobile Clients now speak ZRTP for encrypted communications.
>
> The GAP is: We need Mobile Clients that interoperate with Web Browsers
> trough WebRTC, within a federated telephony system.
>
> Asyncronous Instant Messaging:
> That's a major issue, because there's no easy end-to-end encryption standard
> handling asyncronous messaging with PFS (SMS-like experience), and each
> vendor is going with it's own custom implementation.
> RedPhone used it's own approach:
> https://whispersystems.org/blog/asynchronous-security/
> Silentcircle used it's own approach:
> https://business.silentcircle.com/scimp-protocol/
>
> There's not event an interoperable and standard way to do secure Asyncronous
> instant messaging (SMS or skype like experience), with end to end encryption
> and forward secrecy.
>
> The only "standard" alternative is to use email with OpenPGP, but without
> any kind of "forward secrecy"
>
> The GAP is: We need to first research and agree on an IETF standard for that
> technology, then have it implemented over Mobile phones and Web Browsers.
>
>
> I hope this short analysis would trigger a discussion and/or a brainstorming
> by our ecosystem player on which could be some priority to work on, looking
> for a challenging interoperability between a Web Browsers and Mobile phones.
>
> --
> Fabio Pietrosanti (naif)
> HERMES - Center for Transparency and Digital Human Rights
> http://logioshermes.org - http://globaleaks.org - http://tor2web.org
>
> --
> Liberationtech is public & archives are searchable on Google. Violations of
> list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe,
> change to digest, or change password by emailing moderator at
> companys at stanford.edu.
>
>
> _______________________________________________
> Guardian-dev mailing list
>
> Post: Guardian-dev at lists.mayfirst.org
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>
> To Unsubscribe
>         Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>         Or visit:
> https://lists.mayfirst.org/mailman/options/guardian-dev/lee%40guardianproject.info
>
> You are subscribed as: lee at guardianproject.info
>