Security is always a trade-off with convenience/usability and IMO that
layer on top of a plaintext protocol would be minimal compared to your
already existing OS surface. And if you go in that direction then why not
go further? Develop a basic custom minimalistic OS (in a way that compiled
code could be verified in case of a compiler backdoor) for just the single
purpose of secure messaging. It could be booted from CD-ROM or read-only
flash, would self-verify itself and the PC hardware for known anomalies, and
present you with a hash of the environment so that you've memorized it and,
if it ever changes, you know someone has touched something on your PC, maybe
the BIOS, maybe other firmware, maybe your boot medium, etc. Then you would
plug in your security token with an encrypted GPG key and you could securely
message. But actually no, you wouldn't use just a general-purpose computer,
you would have developed a custom computer from the ground up with every
single chip and transistor verifiable, and it would serve only this single
purpose of secure messaging.
But now what if your friend doesn't do the same? All bets are off and
you've lost because it will be easier to "attach" to the other end than to
you.
Anyway I see a reason for both of these use cases, encrypted feature-full
messaging and just extremely secure basic plaintext messaging. But if you
go with the latter then I wouldn't stop in the middle, that is, I wouldn't
use the same general OS but something trimmed down. I think currently Tails
is pretty good and it comes with Pidgin OTR and you can use it over an IRC
network, which is basically a simple plaintext protocol, so your case is
already covered I think.
So for this first case of feature-full messaging, XMPP seems to be a good
choice.
2014-07-07 17:55 GMT+03:00 rysiek
On Monday, 7 July 2014 16:06:47 Dāvis Mosāns wrote:
I don't agree, I think XMPP could be a good solution. While yes, the attack surface is quite large, it will be in any case, because even if you create the most minimalist chat protocol possible (let's say basically use asymmetric cryptography for messages which are plaintext without any features) you can still have bugs in the cryptography library, network stack, OS/kernel. This part will be the same no matter what messaging protocol you use.
Exactly. And that's an argument for NOT minimizing the attack surface beyond these problems... how exactly?
I mean, your argument is basically: "don't wash your hands, as there might be salmonella in the eggs anyway". Dafuq?
-- Regards, rysiek