[Freedombox-discuss] Fwd: [SocialSwarm-D] New Retroshare Release: V0.5.3a
drbob
drbob at lunamutt.com
Mon Feb 6 12:40:44 UTC 2012
I feel there has been a bit of mis-information here. I wouldn't want to characterise the Chat-Lobbies as "secure" in any meaningful way at the moment.
People throw that word around too much - and I'm cautious to ever make such a bold claim.
They are a new addition to Retroshare - we are still working out some issues with them.
All communication goes over the F2F GPG Authenticated network.
As such everything is encrypted and hidden from the outside world.
They are a multi-hop Chat-Room, are semi-anonymous, and operate either as
- Public - where any friends can join, or
- Private - explicit invitations are required and the rooms aren't advertised.
When the "lobbies" extend over large areas of the network, you have no idea of the identity or trustworthiness of participants more than a couple of hops away. They are just, a friend of a friend, of a friend, of a friend, etc. I say semi-anonymous, because you know the identities of neighbouring participants, and could potentially infer the identities of their neighbours (???)... but the further away you get - the less you know.
We would love any help, advice on protocols and algorithms, auditing & code review that the freedombox community could provide.
DrBob.
Ps. @James, the latest version of Retroshare has significantly improved connectivity.
If you need any help, feel free to contact me directly.
On 6 Feb 2012, at 00:07, Daniel Kahn Gillmor wrote:
> On 02/05/2012 02:56 PM, Melvin Carvalho wrote:
>> Retroshare now has GPG based secure 'chat lobbies'. I've tested them
>> out and they seem pretty cool. Quite similar to IRC, but all traffic
>> is encrypted.
>
> This is interesting, thanks for the pointer. other than the source
> (which i haven't had time to audit) i'm unable to find documentation on
> how the "GPG based secure chat lobbies" are implemented. There are a
> number of tradeoffs to be made when trying to cryptographically secure
> instant messaging type communications.
>
> I'm curious to know what tradeoffs the retroshare folks decided were the
> ones to go with. Does anyone have any pointers to their protocol design?
>
> --dkg
More information about the Freedombox-discuss
mailing list