Re: [p2p-hackers] The next gen P2P secure email solution
On Fri, Jan 10, 2014 at 12:58 AM, James A. Donald <jamesd@echeque.com> wrote:
No... we are specifically talking about developing decentralized solutions here, so that that centralized lookup authority context and risk goes away. Yes... a low latency non-fixed-length non-chaffed network will still have some characteristic risks... timing, etc. Yet likely nowhere near the order of the above centralized issues.
That is just designing good applied crypto in the former, which nullifies the latter.
Red herring-ish, but if you want to get your friends off Skype, don't wait for the golden solution. Pick something good-enough and use that. I've had moderate success migrating people to Jitsi. Similar ease of use once set up, and they now allow jit.si account creation within the application (under the XMPP option). Obviously not genuinely P2P. The only semi-viable alternative I can think of that *is* P2P, but have not yet tried, is VoiP in Retroshare. However, as I suggested in another thread, I'm not convinced Retroshare is up to the hard-crypto standard some people here might demand. That is, it'll block virtually everyone, but not the real fascists. Back on topic, I'm not sure that it's possible to achieve low-latency and endpoint obfuscation for something that requires streaming like VoiP. Tor is already pushing the boundaries of low-latency mixing with an asynchronous protocol that doesn't *require* perfect synchrony, such as would be required of VoiP. So you might have to sacrifice obfuscation of *who* you're talking to in order to achieve security across the wire, or trust third parties such as VPNs or friend-to-friend connections (Retroshare model) to provide lots of bandwidth. On 11/01/14 08:29, grarpamp wrote:
On Sat, Jan 11, 2014 at 5:57 AM, Cathal Garvey <cathalgarvey@cathalgarvey.me> wrote:
For any app really, ditto on success, especially if there's a windows port. Various approaches usually work: - "I need someone to test with" - "This is what I use a) your thing doesn't work for me b) this is better or c) tough" - Etc If you're willing to put in the time to show people, they will use it.
There are people reporting that voice over Tor hidden services is at least barely to actually useable, there is a lot of variance though. Streaming low bitrate music is no problem. Latency is about a second, setup can be a few+ seconds. Again, variance rules. Regarding attacks, low latency and bulk data streams present different surfaces. It would be interesting to see an anonymous network that fills the entire banwidth you allocate to your node with chaff during the time in which you do not otherwise need it. The anonbib probably has something to say about that. The subject is regarding large scale P2P secure messaging,(email) not particularly the subthread of voice / general data transport.. I can see some advantage to using/modifying/merging ideas from say Tor, cjdns and similar general transports for messaging. Is there possibly a grand unification transport here?
Dnia sobota, 11 stycznia 2014 10:57:41 Cathal Garvey pisze:
I have tried it, worked straight off the bat. Behind a NAT.
Well, it seems "good enough" for Joe Schmoe, and is easy enough to set-up and use (still being much crypto-safer than Jitsi, I guess). -- Pozdr rysiek
participants (3)
-
Cathal Garvey -
grarpamp -
rysiek