Search Mailing List Archives
[liberationtech] Surespot? Re: Feedback on Threema - Seriously secure mobile messaging.
pettter at acc.umu.se
Tue Jul 16 01:42:25 PDT 2013
On 15 July, 2013 - Nathan of Guardian wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> On 07/15/2013 05:55 PM, Pavol Luptak wrote:
> > Any idea how to have offline secure messaging (when Jabber+OTR is
> > not possible to use)?
> Gibberbot already partially implements this, and we are working with
> ChatSecure and others to move forward with a standards-based solution
> to this. While we already have OpenPGP support on Android, we don't
> think PGP is the way to go for efficient mobile chat, and also are not
> ready to abandon forward secrecy as a feature.
> And so, our OTR offline solution is comprised of the following pieces:
> 1) Client/App supports XMPP extension for message delivery receipts
> and auto-retry:
> While the person you are trying to send a message to may be offline at
> the very moment you want to message them, it is very likely that they
> will be online at some point in the near future. If your chat client
> is always running in the background on your device, it can sense when
> they come online, and deliver the message you wrote earlier. By
> supporting delivery receipts, you can confirm it did indeed get
> through to them, and if not, continue auto-retrying until it does.
The main problem I see with this is that this still requires both clients
to be online at the same time, something which Threema, Heml.is etc.
avoids. My phone internet access is seldom a constant thing, so this
is obviously not ideal.
> 2) XMPP server that supports offline messages storage and delivery:
> ejabberd support: http://www.process-one.net/en/ejabberd/protocols/
> XMPP already has a well-established mechanism for this, and many
> open-source servers like ejabberd and prosody support it well.
> 3) Client that supports long-lived OTR sessions. If a chat
> conversation is held open, then the same OTR session key should be
> used as long as possible, i.e. until one of the participants request a
> session restart.
I assume that these two options go together, i.e. that an OTR session is
kept alive from both ends, and offline message delivery is used to send
messages over that session. Definitely a good idea - if you only work
with a single client per user. Alternatively, that you would attempt to
keep an OTR session going with each resource ever seen, and send multiple
messages (OTR v4 according to wikipedia).
Long-lived OTR session keys is also something of a relaxation of the
forward secrecy requirement, is it not? (Playing a bit of devil's
> 4) Optionally: use the OTR v3 shared "extra" symmetric key generation
> feature to encrypt offline messages and send those via a mobile push
Sidechannel message delivery definitely sounds interesting. Could you
expand on the guarantees made regarding this key? Is it the same as for
regular OTR keys? (PFS, etc)
> Would love comments on this. Anything else we might have missed?
To be quite frank, for offline message delivery to an unknown client,
the OTR model rarely holds up very well. As such, I would propose just
going for XEP-0027 (PGP-encrypted messages) if there is no OTR session
available, and trust the offline message delivery services of the
server to get them to the destination. This drops forward secrecy,
but makes it actually possible to send messages in the first place.
Moving transparently onto OTR as soon as possible would still be
a priority of course.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
> -----END PGP SIGNATURE-----
> Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Petter Ericson (pettter at acc.umu.se)
More information about the liberationtech