[Cryptography] Signal planning to support for plaintext SMS
Kevin W. Wall
kevin.w.wall at gmail.com
Sun Oct 30 22:33:47 EDT 2022
On Sun, Oct 30, 2022 at 7:27 PM Ralf Senderek <crypto at senderek.ie> wrote:
>
> On Sun, 30 Oct 2022, John Denker wrote:
>
> <snip>
> > When there are two apps, if I want to find a message, I have
> > to look in two places. Half the time this doubles the workload.
> > This is a step backwards in terms of usability.
>
> > By the same token, if I want to send a message, I have to
> > choose which app to use. If I choose the SMS app, I will
> > send an insecure message, even when it would have been
> > possible to send a secure message. So this is backwards in
> > terms of security as well as usability.
>
> I think this assessment isn't plausible, because using two different
> apps would certainly also split the set of users anyone communicates
> with into people like Alice, who uses the new Signal and blokes
> like Bob who never intends to send and receive a secure message.
> So you'd know where to look when you search for a person's
> message. And if you don't find Alice in the insecure app this is
> a good reminder not to send her insecure messages as she don't
> want that to happen. I don't see why this would be a step
> backwards in terms of security.
>
I think it's a little more complicated than that if Signal wants to
continue to use group texts.
Because there will be scenarios in group texts where some of the recipients
are using Signal and some of them are not. Plus, that could vary over time
and some recipients who are using Signal may stop (it happens) and some who
were not originally start to use it. So if you have to use 2 different
apps, that will complicate knowing where to look.
I suppose there are other UI/UX alternatives though, maybe like choosing
different colored fonts for secure vs insecure messages.
-kevin
--
Blog: https://off-the-wall-security.blogspot.com/ | Twitter: @KevinWWall
| OWASP ESAPI Project co-lead
NSA: All your crypto bit are belong to us.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20221030/9ecbe596/attachment.htm>
More information about the cryptography
mailing list