[guardian-dev] Fwd: [liberationtech] The missing component: Mobile to Web interoperability (in Internet Freedom Technologies)
Abel Luck
abel at guardianproject.info
Mon Sep 23 13:49:18 EDT 2013
Can anyone share what happened to this discussion thread on libtech?
~abel
Nathan of Guardian:
>
>
>
> -------- Original Message --------
> From: "Fabio Pietrosanti (naif)" <lists at infosecurity.ch>
> Sent: Sat Sep 14 06:03:19 EDT 2013
> To: liberationtech <liberationtech at lists.stanford.edu>
> Subject: [liberationtech] The missing component: Mobile to Web interoperability (in Internet Freedom Technologies)
>
> Hi all,
>
> i would like to notice that in those "internet freedom space" there's a
> missing component in the communication security landscape, that's the
> ability to interoperate between "Web" and "Mobile" for communication
> security technologies.
>
> The user have only those two platform, a browser and a mobile phone with
> downloadable apps.
> Everything else requiring to install an application over a desktop
> computer is IMHO destinated to be a total failure.
>
> So, if that's a valid assumption, we need focus on having "internet
> freedom technologies" working on a web browser and as mobile phone apps,
> being interoperable among them
>
> Everything else is IMHO a waste of time and money.
>
> Let me identify 3 major area where those kind of stuff should apply:
>
> *Realtime Instant Messaging:**
> *Web Browsers support, trough CryptoCat, realtime instant messaging with OTR
> Mobile Client support, trough Gibberbot, ChatSecure, TextSecure realtime
> instant messaging with OTR
>
> The GAP is: The technologies are not "interoperating by default" but
> they could and should do it, by default.
>
> *Voice:**
> *Web Browsers now speak WebRTC with DTLS-SRTP encrypted communications.
> Mobile Clients now speak ZRTP for encrypted communications.
>
> The GAP is: We need Mobile Clients that interoperate with Web Browsers
> trough WebRTC, within a federated telephony system.
>
> *Asyncronous Instant Messaging:**
> *That's a major issue, because there's no easy end-to-end encryption
> standard handling asyncronous messaging with PFS (SMS-like experience),
> and each vendor is going with it's own custom implementation.
> RedPhone used it's own approach:
> https://whispersystems.org/blog/asynchronous-security/
> Silentcircle used it's own approach:
> https://business.silentcircle.com/scimp-protocol/
>
> There's not event an interoperable and standard way to do secure
> Asyncronous instant messaging (SMS or skype like experience), with end
> to end encryption and forward secrecy.
>
> The only "standard" alternative is to use email with OpenPGP, but
> without any kind of "forward secrecy"
>
> The GAP is: We need to first research and agree on an IETF standard for
> that technology, then have it implemented over Mobile phones and Web
> Browsers.
>
>
> I hope this short analysis would trigger a discussion and/or a
> brainstorming by our ecosystem player on which could be some priority to
> work on, looking for a challenging interoperability between a Web
> Browsers and Mobile phones.
>
>
>
> _______________________________________________
> Guardian-dev mailing list
>
> Post: Guardian-dev at lists.mayfirst.org
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>
> To Unsubscribe
> Send email to: Guardian-dev-unsubscribe at lists.mayfirst.org
> Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/abel%40guardianproject.info
>
> You are subscribed as: abel at guardianproject.info
>
More information about the Guardian-dev
mailing list