|Note: recent events have lead to these topics being in the news quite often in recent weeks. However, Pond is not a reaction to those events - it was started nearly a year ago.
Traffic information, of course, isn't the whole conversation, so his wit is appreciated to make light air of the situation, but at the same time he's quite serious about this little project. I'm impressed that it compiles at all on my Arch machine, after his warning to Arch users.
On topic to your comment, unfortunately there's no way to avoid leaking traffic information, or at least the fact that there is traffic at all, to a "global passive attacker" :) gone are the days of radio silence
(Or, how to better organise a discreet relationship with the Director of the CIA.) from https://github.com/agl/pond (the source) is a good elevator pitch, for people (like me) who are taking their time getting what this is.
That's checking for integer overflow - an often-overlooked source of many security vulnerabilities.
That's a signed integer though, and I don't know if signed integer overflow has defined behavior in Go. In C that would be undefined behavior, allowing the compiler to do potentially nutty things, so you would want to do the overflow check before the increment. (Edit: considering who the author of this code is, I would assume that Go has sane defined behavior on signed integer overflow ;-)
> For secure, synchronous communication we have OTR and, when run over Tor, this is pretty good. But while we have secure asynchronous messaging in the form of PGP email, it's not forward secure and it gratuitously leaks traffic information.
This is probably a stupid question, but what exactly is the distinction here? Why can't we just think of the "asynchronous messaging" email-equivalent as long, drawn-out synchronous OTR communication?
I don't know about you people but I can't access this site in latest firefox:
Secure Connection Failed
An error occurred during a connection to pond.imperialviolet.org.
Peer attempted old style (potentially vulnerable) handshake.
(Error code: ssl_error_unsafe_negotiation)
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.
This is kind of ironic considering it's Adam Langley's website, but it appears his server is not indicating that it supports secure renegotiation, and apparently in the latest Firefox that's grounds to refuse a connection[1]. See:
If anyone wants to test this with me, you'll find my contact details in my HN profile and on https://grepular.com/
Both of which contain my PGP details. So by sending my your handshake message encrypted with my key, I'll reply with my handshake message encrypted with your key, then we can test.
I can not forgive Adam he removed the DANE support from Chrome in spite of fact that he was the author of the draft standard http://datatracker.ietf.org/wg/dane/
I wonder how badly the security of Pond would break if one were to build a pond-email gateway of some sort so that you could use regular imap/smtp clients (and maybe tor).
[+] [-] carbocation|12 years ago|reply
My favorite line in the article. It's a nice nod to the fact that this Achilles heel is an issue that he is aware of / takes seriously.
[+] [-] tptacek|12 years ago|reply
[+] [-] lmgftp|12 years ago|reply
On topic to your comment, unfortunately there's no way to avoid leaking traffic information, or at least the fact that there is traffic at all, to a "global passive attacker" :) gone are the days of radio silence
[+] [-] andrewcooke|12 years ago|reply
also, is code like this https://github.com/agl/pond/blob/master/server/server.go#L15... just extreme defensive programming? or is there some other reason for the check (eg is not everything locked)?
also, does 2. A GPA can learn when messages are sent to a non-home server and which server that is. get weaker if there are many users?
and why is it so quiet here? am i asking dumb questions? i've been deleting the ones i work out answers to!
[+] [-] agwa|12 years ago|reply
That's checking for integer overflow - an often-overlooked source of many security vulnerabilities.
That's a signed integer though, and I don't know if signed integer overflow has defined behavior in Go. In C that would be undefined behavior, allowing the compiler to do potentially nutty things, so you would want to do the overflow check before the increment. (Edit: considering who the author of this code is, I would assume that Go has sane defined behavior on signed integer overflow ;-)
[+] [-] kragen|12 years ago|reply
Also, btw, I still have your AMOP,a nd it would be awesome to see you again.
[+] [-] losvedir|12 years ago|reply
This is probably a stupid question, but what exactly is the distinction here? Why can't we just think of the "asynchronous messaging" email-equivalent as long, drawn-out synchronous OTR communication?
[+] [-] johntb86|12 years ago|reply
[+] [-] unknown|12 years ago|reply
[deleted]
[+] [-] diaz|12 years ago|reply
[+] [-] agwa|12 years ago|reply
https://www.ssllabs.com/ssltest/analyze.html?d=pond.imperial...
https://wiki.mozilla.org/Security:Renegotiation
https://community.qualys.com/blogs/securitylabs/2010/10/06/d...
If you set security.ssl.require_safe_negotiation to false in about:config you should be able to establish a connection.
[1] Edit: actually it's not; the parent poster had tweaked settings in about:config ;-)
[+] [-] mike-cardwell|12 years ago|reply
Both of which contain my PGP details. So by sending my your handshake message encrypted with my key, I'll reply with my handshake message encrypted with your key, then we can test.
[+] [-] quantumpotato_|12 years ago|reply
[+] [-] self|12 years ago|reply
[+] [-] zhovner|12 years ago|reply
[+] [-] tptacek|12 years ago|reply
[+] [-] unknown|12 years ago|reply
[deleted]
[+] [-] zokier|12 years ago|reply
[+] [-] unknown|12 years ago|reply
[deleted]
[+] [-] ooorlllyyy|12 years ago|reply