[Cryptography] What is a secure conversation? (Was: online forums...)
Phillip Hallam-Baker
hallam at gmail.com
Sat Dec 28 11:49:39 EST 2013
A while back I had an idea for a scheme I was calling the free flowing
flux. Part of the idea was that a conversation should not be artificially
restricted to a particular medium or a particular set of correspondents.
So for example, we are currently having an asynchronous discussion with the
whole list which is a public list and likely archived by the NSA (among
others). So maybe confidentiality does not matter a lot. But now imagine
that I want to make an off-list comment to three or four list members about
something on the list. That is a conversation that I probably do want to be
confidential.
If I am in an important conference call with other companies and there are
three people from my company, it is quite likely we are chatting in a
separate chat room to coordinate our position. The conference call might be
public but only some of the conversation is.
At the moment we have quite a few chat like protocols, we have twitter,
sms, chat, video and VOIP. They are all essentially the same thing and we
should be able to secure them all end to end with the same set of
credentials.
Let us accept for the sake of argument that my email security scheme takes
off and we get folk creating credentials and publishing them for email.
Wouldn't we want to add the same capabilities to jabber like protocols?
At some point it is going to be easier to design one protocol that supports
all the different messaging modes with security built in rather than
working out how to back-fit security into each legacy protocol separately.
Moving to a forum does not interest me very much, there are some things
that might be moved to a wiki though. What would interest me would be a
remote conference or meetup. Particularly if we could get some tools that
help moderate the discussion better.
Five years ago the idea of doing that would be madness. But we are starting
to get pieces in place with HTML5 that could make it quite feasible.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20131228/25b51135/attachment.html>
More information about the cryptography
mailing list