Closed oskarth closed 4 years ago
@adambabik @decanus fyi updated
Connecting with this issue that is related https://github.com/status-im/bigbrother-specs/pull/7#issuecomment-486925514
Elaborate more on bid process https://github.com/status-im/status-react/blob/c9994b5d0f72377ec51000541e6b02500f8430f5/src/status_im/utils/clocks.cljs
Largely done; closing as no longer relevant. If we want to do further QA of specs, I suggest we do this through more specific issues.
This should give an overview of how we provide conversational security in Status.
See https://github.com/status-im/specs/blob/master/x6.md for current draft (kudos to @cammellos @PombeirP), as well as Adam's initial spec.
The main issue with the current PFS whitepaper is that it treats PFS as a special thing, as opposed to talking about conversational security more generally (this might be more of a naming thing though - in any case it shows that we think of PFS as something (too) special). It's also not clear enough in terms of what guarantees we always make. We might also want to mention aspects like PCS.
As well as general evaluation based on SoK Secure Messaging, see inline doc.
Acceptance criteria
In terms of who will judge, it'll be 2-3 main groups initially:
Questions spec should answer
Security and Privacy
Confidentiality, Integrity, Authentication, Participant Consistency, Destination Validation, Forward Secrecy, Backward Secrecy, Anonymity Preserving, Speaker Consistency, Causality Preserving, Global Transcript, Message Unlinkability, Message Repudiation, Particip. Repudiation
Adoption
Out-of-Order Resilient, Dropped Message Resilient, Asynchronicity, Multi-Device Support, No Additional Service
Group chat
Computational Equality, Trust Equality, Subgroup Messaging, Contractable, Expandable
Example technologies
Trusted servers (mailservers?), Double ratchet, X3DH, Prekeys
Also note that multidevice fits here, fyi @decanus