security is always a trade-off with convenience/usability and IMO that
   layer on top of plaintext protocol would be minimal comparing to
   already your OS surface. And if you go in that direction then why not
   go further? develop a basic custom minimalistic OS (in a way that
   compiled code could be verified in case of compiler backdoor) for just
   single purpose for secure messaging. It could be booted from CD-ROM or
   read-only flash, would self-verify itself and PC hardware for known
   anomalies, present you with a hash of environment so you've memorized
   it and if it ever changes you know someone have touched something on
   your PC, maybe BIOS, maybe other firmware maybe your boot medium etc.
   Then you would plugin your security token with encrypted GPG key and
   you could securely message. But actually no, you wouldn't use just
   general purpose computer, you would have developed a custom computer
   from ground-up with every single chip and transistor to be verifiable
   and it would serve only this single purpose of secure messaging. But
   now what if your friend doesn't do the same? it's all bets off and
   you've lost because it will be easier to "attach" to other end than
   you.
   Anyway I see a reason for both of these use cases, encrypted feature
   full messaging and just extremely secure basic plaintext messaging. But
   if you go with latter then I wouldn't stop in middle that is I wouldn't
   use same general OS but something trimmed down. I think currently Tails
   is pretty good and it comes with Pidgin OTR and you can use it over IRC
   network which is basically a simple plaintext protocol so your case is
   already covered I think.
   So for this first case of feature full messaging, XMPP seems to be a
   good choice.
   2014-07-07 17:55 GMT+03:00 rysiek <[1]rysiek@hackerspace.pl>:

     Dnia poniedziałek, 7 lipca 2014 16:06:47 Dāvis Mosāns pisze:

   > I don't agree, I think XMPP could be good solution, while yes attack
   > surface is quite large but it will be in any case, because even if
   you
   > create the very minimalist chat protocol possible (let's say
   basically use
   > asymmetric cryptography for messages which are plaintext without any
   > features) you still can have bugs in cryptography library, network
   stack,
   > OS/kernel. This part will be same no matter what messaging protocol
   you
   > use.

     Exactly. And that's an argument for NOT minimizing the attack
     surface beyond
     these problems... how exactly?
     I mean, your argument is basically: "don't wash your hands, as there
     might be
     salmonella in the eggs anyway". Dafuq?
     --
     Pozdr
     rysiek

References

   1. mailto:rysiek@hackerspace.pl