Follow

Kaidan, KDE's instant messaging app for Jabber, gets financial support from the NLnet Foundation to implement end-to-end encryption.

kaidan.im/2021/01/07/end-to-en

@kde hmmm wouldn't it be better to merge this with neochat (or the other way round)? Users shouldn't care if there is matrix or xmpp running beneath a beautiful and stunnig chat app.

@tuxflo @kde the UI already looks pretty similar between them, at least for the mobile portion. Merging them does not sound like a good idea. I'd rather have each app tailored to the specific protocol.

@brad @tuxflo There were some plans in making shared chat components so that it is easier to develop a kirigami chat application but abstracting the backends is too complicated and we would need to make some compromises. Better is to have 2 good applications, each for one protocol than one big application that doesn't work correctly.

@carl @brad OK then I hope that both applications will be great and the that there is enough (wo)manpower to keep the great development speed of the KDE projects.

@0 @kde seems like it is... what else Should it be?

@jr

Anything that doesn't blow the availability #security property out of the water, such as #OpenPGP.

@kde

@0 PGP is not suitable for most users of instant messaging.... the want it to just work and not want to setup many things.... and as far as I understand kaidan aims to be a client for those people

@jr

There's an #XEP draft out there to make what's essentially an #XMPP analogous to #AutoCrypt. There's nothing intrinsically wrong with #OpenPGP that would stop it being used in trust on first contact mode. And you still have the option of trust + verify (i.e., have / have not checked fingerprints) and trust + verify + sign.

@jr

Besides, the point is not the suitability of #OpenPGP but the patent unsuitability of #OMEMO as a serious solution.

@0 with the current it does not have patent problems anymore AFAIR

Just out of curiosity do you use OpenPGP with XMPP personally? I know just one person that does it consciously, everyone else can hardly configure clients to do it so I’m asking for a data point in case :)

@wiktor

No. I use #OpenPGP in a business context as part of certain processes but in general #email, #XMPP and #telephone conversations happen in the clear, both business-related (unless initiated #encrypted by the other party, which does happen occasionally) and personal.

Sensitive stuff is only discussed face to face and always stays out of *any* computer system.

@wiktor
I could of course configure it if I wanted to (edit, in fact, it already is, thanks to #OpenKeyChain + #Conversations / #BlabberIM 🙂, literally two clicks), but I consciously decide not to, as it offers more false #security than real protection.

Given your tags (aviation) and the TLD (fr) I think I can already guess the business name :)

Thanks for your reply! I'd gladly inquire more but don’t want to enter the business sensitive territory.

See you later! 👋

@0 @jr Any from the xmpp.org/extensions/inbox/? (indeed, if someone doesn't need PFS then PGP-based solution could be better/easier)

@jr @0
With TOFO trust model it should be easy to use openpgp. One problem may to share the private key. But lot of users just use the mobile device, I guess.

@stefan

Installing one's private key across devices remains an issue regardless, whenever there's a private key in the first place.

#OMEMO pretends to get around this by authenticating devices not users.

@jr

@kde Good, we need something that is on feature parity with #Conversations on #Android.

@kde
We really need this, a flagship, cross platform xmpp app with OMEMO encryption!!

Sign in to participate in the conversation
Mastodon for Tech Folks

This Mastodon instance is for people interested in technology. Discussions aren't limited to technology, because tech folks shouldn't be limited to technology either!