issues
search
freedomofpress
/
securedrop-protocol
Research and proof of concept to develop the next SecureDrop with end to end encryption.
GNU Affero General Public License v3.0
47
stars
1
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Attack on indistinguishability: server excludes some journalists when keys are fetched
#56
lumaier
opened
3 days ago
1
Missing Message Agreement
#55
lumaier
opened
1 week ago
0
Update README section 'Limitations and Discussion'
#54
lsd-cat
opened
3 weeks ago
0
Vulnerability found: Key Replacement on Source Submission
#53
lumaier
opened
2 months ago
2
README: check consistency of indexes and iterators
#52
lsd-cat
opened
3 months ago
0
README: suggested improvements for protocol flow diagram
#51
lumaier
opened
3 months ago
0
Update README of Journalist and Source message_id fetching protocol
#50
lumaier
closed
3 months ago
1
Bucketing proposal to drop the message limit
#49
lsd-cat
opened
4 months ago
2
Refactor to be KEM-oriented instead of DH-oriented
#48
bifurcation
opened
4 months ago
4
Add repository overview to README
#47
eloquence
closed
4 months ago
1
Add brief inventory of PoC implementation
#46
eloquence
closed
4 months ago
1
Discussion of server attack scenarios (and clarification of protocol goals)
#45
rocodes
opened
4 months ago
0
Better terminology to describe server posture
#44
rocodes
opened
4 months ago
0
message_id enumeration requirements
#43
ayende
opened
4 months ago
4
Rust and Go
#42
yonas
closed
4 months ago
1
Potential vulnerability with the use of scalarmult to generate keys
#41
ayende
closed
4 months ago
3
Update README prior opening access; remove outdated wiki page; add blog posts and audit info.
#40
lsd-cat
closed
5 months ago
0
Reverting "Fix misc. string encoding issues" to fix manual merging error
#39
lsd-cat
closed
5 months ago
1
Copyedit pass on README.md & code comments
#38
eloquence
closed
5 months ago
0
Fix misc. string encoding issues
#37
eloquence
closed
5 months ago
1
Address and analyze the preliminary audit
#36
lsd-cat
opened
5 months ago
1
Compare to and use Oblivious Message Retrieval terminology
#35
lsd-cat
closed
3 weeks ago
2
Why not using MLS ?
#34
beurdouche
closed
3 weeks ago
1
Formal Analysis of Protocol
#33
felixlinker
opened
8 months ago
4
Define PKI structure and policies
#32
lsd-cat
opened
9 months ago
0
Server might swap, replace, replay ciphertexts
#31
lsd-cat
opened
9 months ago
2
Decide the deniability/authenticity requirements for the message encryption
#30
lsd-cat
opened
9 months ago
5
draft TLA+ model of the server as a message queue with clients
#29
cfm
opened
10 months ago
0
compare attachment design with MIMI external-content proposal
#28
cfm
opened
11 months ago
0
Add clear statement of the desired security properties
#27
lsd-cat
opened
11 months ago
0
draft Tamarin security model
#26
cfm
closed
5 months ago
6
Journalist fetching keys are signed and verified using the newsroom key instead of their own signing key
#25
lsd-cat
closed
6 months ago
1
Drop python-ecdsa and port all crypto operations to libsodium
#24
lsd-cat
closed
8 months ago
4
Migrate to a cross-platform, well-established crypto library
#23
lsd-cat
closed
6 months ago
5
diagram asymmetric construction
#22
cfm
closed
11 months ago
2
consider domain-agnostic terminology for protocol participants
#21
cfm
opened
11 months ago
3
Add info about source submission to journalists; add info regarding the need to hash the result of DH agreements
#20
lsd-cat
closed
5 months ago
2
Readme wording suggestions
#19
rocodes
closed
11 months ago
1
summarize client-side asymmetry
#18
cfm
closed
11 months ago
0
Implemented newer message fetching mechanism; minor code refactoring; major documentation refactoring
#17
lsd-cat
closed
11 months ago
1
Consider removing Diffie-Hellman operations with inverted keys
#16
eaon
closed
6 months ago
25
Consider replacing references to "zero-knowledge" and "proofs"
#15
eaon
closed
11 months ago
2
Understand the feasibility of source to source communication
#14
lsd-cat
closed
3 weeks ago
3
Disallow sources to access or delete their own submissions
#13
eaon
closed
8 months ago
1
Onboard Jen & Mickael
#12
sssoleileraaa
closed
1 year ago
3
Onboard Nathan
#11
eloquence
closed
1 year ago
2
Sources are able to access and delete attachments/uploads because they know the `file_id`
#10
eaon
opened
1 year ago
9
Ephemeral Keys in replies (journalist to source)
#9
lsd-cat
opened
1 year ago
2
Treat messages and metadata as attachments
#8
lsd-cat
opened
1 year ago
1
Add Threads view to Journalists
#7
TheZ3ro
closed
1 year ago
0
Next