Tox.im

rysiek rysiek at hackerspace.pl
Tue Feb 3 19:23:12 PST 2015


Dnia środa, 4 lutego 2015 03:04:56 stef pisze:
> On Wed, Feb 04, 2015 at 12:59:06AM +0100, rysiek wrote:
> > Answer B:
> > Can you please direct me towards any software that in your opinion does
> > not
> > have a problem with the "host security" part?
> > A single example of any program,
> > say any communication program, like IM, VoIP, e-mail client, etc,
> > installable on a chosen operating system.
> 
> i can: pond stores the key material in tpm, whether to trust tpm or not is
> open for debate. gpg is able to work with smartcards, and qubes has this
> split-pgp mode. these are all quite cool approaches to the host security
> problem.

Nice, didn't know about pond. Still, Tox got a no-no from me on host security 
(for as simple thing as not having a password on private keys), so... ;)

Maybe it's a good moment to add a point to your list of snakeoil tell-tales:
 - "does not have decent documentation of protocols/mode of operation
    available"

As Tox shows (as if it needed to be shown...), source code is not enough, by 
far. Had the protocol been documented, we would already have a Python 
implementation, probably, which would solve the "oh crap, C" problem.

> i think in general it is about compartmentalization of sensitive
> material, if possible in external fully controlled hw with very simple
> observable interfaces.

Absolutely.

> > Problem is, people DIE, NOW, because they use Skype. Not because they
> 
> they will they as well if they use the right tools but wrongly. :/

That's true.

> > How about we let stef talk about that himself.
> 
> you troll. :)

Always at your service. :)

-- 
Pozdrawiam,
Michał "rysiek" Woźniak

Zmieniam klucz GPG :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 931 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.cpunks.org/pipermail/cypherpunks/attachments/20150204/3991f11c/attachment-0002.sig>


More information about the cypherpunks mailing list