Email or username:

Password:

Forgot your password?
dansup's posts Post Back to profile
Top-level
Ariadne Conill 🐰

@dansup has anyone actually reviewed this for security?

5 Aug 2023 at 12:33 | Wall-to-wall | Open on social.treehouse.systems
7 comments
dansup

@ariadne Not yet, I'm going to publish an RFC before anything is shipped, and I'm going to get my buddy who created CryptPad to help with the crypto, I'm looking to implement the signal protocol (double ratchet). If your interested in helping or just critiquing haha, I'd love that!

5 Aug 2023 at 12:38 | Open on mastodon.social
Tim Panton

@dansup @ariadne you might want to look at MLS instead of signal, it supposedly has some advantages. (And an RFC)

5 Aug 2023 at 13:39 | Open on chaos.social
Adrian McEwen

@steely_glint @dansup @ariadne

I'm assuming that's Messaging Layer Security? rfc-editor.org/rfc/rfc9420.htm

An RFC would be a big step up from piecing things together from code, and white papers from both Signal and Whatsapp(!), which was my experience getting libsignal working. That was back in 2018, though, so maybe the docs are better now.

A federated secure messaging client is a boss idea!

5 Aug 2023 at 13:53 | Open on mastodon.me.uk
Tim Panton

@amcewen @dansup @ariadne
Yeah, I've been following along the progress of MLS and its looks like it now has quite a bit of momentum. It also has a (rust) reference implementation if I remember correctly.

5 Aug 2023 at 13:59 | Open on chaos.social
Adrian McEwen

@steely_glint @dansup @ariadne
Bah, I'm trying to delay learning Rust as I've already got too many projects on the go 🤣

That does remind me though, I wonder what the Precursor betrusted.io/ is using for messaging (that's all Rust).

*checks*

Seems they're running at Matrix first, but a future Fediverse secure messaging client for that would be nice

5 Aug 2023 at 14:12 | Open on mastodon.me.uk
DELETED

@steely_glint @dansup @ariadne
I think @dansup has just the right idea. The Signal protocol is the most recognized and respected E2EE technology out there. Tech casuals trust it, which is important for adoption.

Dan has hard work ahead, but if this reaches the point where Fediverse DM's across platforms default to E2EE encryption, that would be *huge*! Looking forward to the rollout and successful audits.

5 Aug 2023 at 14:33 | Open on mastodon.social
The Doctor

@ariadne @dansup We just found out about it. Probably not yet.

5 Aug 2023 at 17:16 | Open on hackers.town
Go Up