undefined | Better HN

0 pointstreyd2y ago0 comments

PGP is poorly suited for live conversations with rotating members like this since it doesn't support post-compromise security or perfect forward secrecy (not in-protocol, at least), which most people would expect from an E2EE chat protocol. I was speaking of protocols that did have these properties.

TreeKEM also manages sublinear communication, constant per message (since there's a shared secret already used for the ratchet) and logn for key updates or group membership changes.

0 comments

thaumasiotes2y ago

The concept of encryption is poorly suited for live conversations with rotating members. If you don't know who you're talking to, there's no point in encrypting your message.

> I was speaking of protocols that did have these properties.

The method PGP uses to encrypt messages to multiple recipients will still work for whatever protocol you have in mind. Why is your dislike for PGP relevant?

treydOP2y ago

That's pretty reductive, perhaps you don't have a fully connected graph of relationships in a group but other parties you do know in a group you trust to vouch for others. There's also lots of data privacy/security compliance reasons you'd want to have E2EE with large groups. I believe I heard that some larger companies wanted to investigate using MLS to encrypt internal communications, and having hundreds/thousands of people in a group where most don't know each other but they're all managed by an authority who doesn't want to be able to know what they're discussing.

I don't dislike PGP I'm just saying that it doesn't natively have PFS and PCS, which are generally accepted by security people as being necessary properties for a protocol to be considered full E2EE.

thaumasiotes2y ago

> I believe I heard that some larger companies wanted to investigate using MLS to encrypt internal communications, and having hundreds/thousands of people in a group where most don't know each other but they're all managed by an authority who doesn't want to be able to know what they're discussing.

But it's impossible for the authority to achieve that goal. If they manage the group membership, they are free to add themselves and read the discussions.

j / k navigate · click thread line to collapse

0 pointstreyd2y ago0 comments

TreeKEM also manages sublinear communication, constant per message (since there's a shared secret already used for the ratchet) and logn for key updates or group membership changes.

0 comments

thaumasiotes2y ago

The concept of encryption is poorly suited for live conversations with rotating members. If you don't know who you're talking to, there's no point in encrypting your message.

> I was speaking of protocols that did have these properties.

The method PGP uses to encrypt messages to multiple recipients will still work for whatever protocol you have in mind. Why is your dislike for PGP relevant?

treydOP2y ago

thaumasiotes2y ago

But it's impossible for the authority to achieve that goal. If they manage the group membership, they are free to add themselves and read the discussions.

j / k navigate · click thread line to collapse