Adam Back wrote:
You seem to be arguing that the primary goal should be to have best security, from the outset. ie one gets the impression from reading your previous two posts that you consider ultimate security more important than deployment. If this is what you are saying, I disagree.
No, I am arguing that if deployment of privacy is your goal, then you need _some_ base level of security before you've really deployed privacy. Deploying crypto is not the same thing. I do agree that it's important to get stuff "out there" in whatever form (partly to get it fixed, but mainly so it can't be shut down). I just think the closed source route is a dead end. I also think that the free crypto libraries exist, and now it would be nice to see free crypto applications. By that I mean turnkey stuff with Windows installation programs and GUIs that normal people can use--and *source* (turnkey for developers too). Make it easy to have privacy, basically. [...]
if people mention software, it is nice to know some details: why should we be interested in your software etc.
Well, it's early days (I am just designing and prototyping now), but my goal is to make a decentralised secure messaging client that ordinary ISP users can use without any special resources. Something like icq, but with crypto and without any central server, the intention being that it would be easier to set up and harder to filter or shut down. I have in mind an abstract messaging service that can be extended to use whatever channel or drop-point happens to be available (e.g. irc, direct sockets, email, remailers, ftp, usenet, intermediaries, icq). So for example you could use irc just to rendezvous with someone (or meet them in the first place), then use diffie-hellman to establish a private channel for a real-time chat, then subsequently use an ftp site or a newsgroup to exchange offline messages. The challenge is to make this easy. It's something I want for myself, but I figure with the addition of a nice GUI and an installer etc., it could be of wider interest. (And no, I have no idea when I'll have some code to show, but I guess now I've mentioned it I better finish it :) Cheers, Frank O'Dwyer.