[Cryptography] Signal planning to drop support for plaintext SMS

William Allen Simpson william.allen.simpson at gmail.com
Tue Nov 1 02:12:37 EDT 2022


On 10/31/22 12:44 PM, Rick Smith wrote:
> On Oct 31, 2022, at 7:30 AM, John Denker <jsd at av8n.com> wrote:

[...]

>> A "principle" that requires two different apps is even worse.
> 
> If we are using the word “app” to refer to the user experience, then I strongly disagree. There needs to be a distinct visual difference between a ‘critically secure’ activity and a less-significant one. For example, most browsers today always show a padlock whether the web page is SSL/TLS protected or not. If unprotected, the padlock is crossed out. I don’t mind this myself since I’ve been looking for the padlock for a long time now.
> 
> On iOS and Android, separate ‘apps’ run in separate storage contexts. This is about as much ‘red black separation’ as I expect to see in security-conscious commercial software.
> 

We're talking past each other.  This is a usability issue.

When Signal stops communicating with most of my correspondents,
then Signal will no longer appear in my 4 common apps, and
eventually will likely never be used.

In my case, I hardly ever text, and very few of my
correspondents use Signal.

For usability, it is better to have things under one User
Interface.  The lock icon provides sufficient indication.

Here, secure and insecure streams are a property of being
encrypted in transport, not at rest.

Any red/black separation isn't applicable, as we are not
using separate devices.


