Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] The missing component: Mobile to Web interoperability (in Internet Freedom Technologies)

Fabio Pietrosanti (naif) lists at infosecurity.ch
Sat Sep 14 03:03:19 PDT 2013


Hi all,

i would like to notice that in those "internet freedom space" there's a
missing component in the communication security landscape, that's the
ability to interoperate between "Web" and "Mobile" for communication
security technologies.

The user have only those two platform, a browser and a mobile phone with
downloadable apps.
Everything else requiring to install an application over a desktop
computer is IMHO destinated to be a total failure.

So, if that's a valid assumption, we need focus on having "internet
freedom technologies" working on a web browser and as mobile phone apps,
being interoperable among them

Everything else is IMHO a waste of time and money.

Let me identify 3 major area where those kind of stuff should apply:

*Realtime Instant Messaging:**
*Web Browsers support, trough CryptoCat, realtime instant messaging with OTR
Mobile Client support, trough Gibberbot, ChatSecure, TextSecure realtime
instant messaging with OTR

The GAP is: The technologies are not "interoperating by default" but
they could and should do it, by default.

*Voice:**
*Web Browsers now speak WebRTC with DTLS-SRTP encrypted communications.
Mobile Clients now speak ZRTP for encrypted communications.

The GAP is: We need Mobile Clients that interoperate with Web Browsers
trough WebRTC, within a federated telephony system.

*Asyncronous Instant Messaging:**
*That's a major issue, because there's no easy end-to-end encryption
standard handling asyncronous messaging with PFS (SMS-like experience),
and each vendor is going with it's own custom implementation.
RedPhone used it's own approach:
https://whispersystems.org/blog/asynchronous-security/
Silentcircle used it's own approach:
https://business.silentcircle.com/scimp-protocol/

There's not event an interoperable and standard way to do secure
Asyncronous instant messaging (SMS or skype like experience), with end
to end encryption and forward secrecy.

The only "standard" alternative is to use email with OpenPGP, but
without any kind of "forward secrecy"

The GAP is: We need to first research and agree on an IETF standard for
that technology, then have it implemented over Mobile phones and Web
Browsers.


I hope this short analysis would trigger a discussion and/or a
brainstorming by our ecosystem player on which could be some priority to
work on, looking for a challenging interoperability between a Web
Browsers and Mobile phones.

-- 
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - http://globaleaks.org - http://tor2web.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130914/af82949c/attachment.html>


More information about the liberationtech mailing list