[Cryptography] any reviews of flowcrypt PGP for gmail?

Phillip Hallam-Baker phill at hallambaker.com
Thu Sep 3 00:13:49 EDT 2020


On Fri, Aug 28, 2020 at 9:17 PM Paul Wouters <paul at cypherpunks.ca> wrote:

> On Wed, 26 Aug 2020, Stephan Neuhaus wrote:
>
> > That's a deliberate decision by Signal, and I for one applaud them for
> at
> > least trying. I honestly don't want another geek-only tool that only
> geeks
> > use.  Of course you may have a different opinion when your requirements
> are
> > different.  If I were a dissident, I would probably not use Signal.
>
> The solution is two apps. One with Stickers and Emoji and the kitchen
> sink, and one with just the secure messaging core. If I was further in
> my retirement phase, I might have taken on the work to try and publish
> a stripped down version of Signal[*]
>
> Paul
> [*] If you have a funding source, I can do it sooner :)
>

The solution here is an open standard that allows two apps to talk to each
other. And that is what the IETF should have done instead of MLS.

Developing a technology for folk to apply to their walled gardens... that
is really not what the IETF should be about.

Oh and, I don't see emoji as much of a problem to implement. Its just
unicode at this point. Same as support for any non-Latin character set.

At this point I have 'most' of an end to end secure messaging scheme. But
that is not the area to address to find an early adopter community.
Contact, Bookmark and password management provide a unilateral benefit even
if nobody else uses the Mesh while still building a user base that can
start to exploit a network effect if it reaches critical mass.

I would not want to copy the Signal approach because I really don't think
it scales. Messaging in a room with 20 people can be peer to peer it
rapidly collapses if more than that try to engage at once. So there are no
peer to peer rooms with 1000 people in, not even 100. So you have to
introduce structure to keep the system running. That's why the Hells Angels
use Robert's Rules of Order for their meetings.

There is no real difficulty doing 20 ECC key exchanges to rekey a smaller
meeting. And that allows a much more reliable approach than the tree.
Having been in multi person Signal rooms... nope, not copying that.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20200903/e852e394/attachment.htm>


More information about the cryptography mailing list