WhatsApp issue (https://www.theguardian.com/technology/2017/jan/13/whatsapp-backdoor-allows-snooping-on-encrypted-messages …) isn't really a backdoor, but it highlights the need for key transparency (https://security.googleblog.com/2017/01/security-through-transparency.html …)
Yes but the same could be said for non-blocking notifications, and people seem to think that's not good enough.
-
-
Blocking what? Retransmission of in-flight messages? Notification style seems independent of whether key change is auditable
-
In this case people are told a key change occurred, the objection is that it's after the fact. CONIKS is even more so.
-
.
@whispersystems@martinkl CONIKS, implemented correctly, is way more secure than what Signal/WhatsApp is doing. -
.
@whispersystems@martinkl And that's not the objection. The objection is there's no way to distinguish legit key changes. -
.
@whispersystems@martinkl without manual verification, which many of my friends have no idea how to do since you introduced security codes -
.
@whispersystems@martinkl CONIKS (correctly done) & blockchains can both make manual verification unnecessary while providing same security -
.
@martinkl Key Transparency doesn't help this problem much, but CONIKS does/can.@whispersystems -
Agree with your assessment. But I thought Key Transparency was an implementation of CONIKS — am I mistaken?
- 3 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.