[Cryptography] At what point should people not use TLS?

[Tom Mitchell]

On Tue, Apr 5, 2016 at 8:00 PM, david wong <davidwong.crypto at gmail.com>
wrote:

> WhatsApp just announced end-to-end encryption on their service, and the
> details show that they do not use TLS but another TLS-like protocol called
> Noise Pipes
>

The good news is this is a single application environment and a single
encryption method.
In that context it can be updated with minimum pain.

With a billion users it does not suffer bulk collection of data well except
perhaps
as a grudge weapon long after something interesting happened.

Also as others have noted it is "old" and worthy of retirement.
As an old worthy of retirement protocol worthy national class data
analysis might make reasonably short work of it yet allowing common
communications to be less public.

i.e. the prying eyes need to focus on specific traffic and not on all
traffic.
and yet they perhaps could.

In the common use and common purpose case it seems OK to me.
In all, it is a step up from the management of Hillary's email.












-- 
  T o m    M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160406/6cdce9bb/attachment.html>