Comments (6)
just curious, what is SAS?
from textsecure.
@f41c0r SAS is Short Authentication String, shared value (those two words displayed on screen while calling with RedPhone/Signal) which both communicating parties should verbally cross-check. With key continuity, it is sufficient to cross-check SAS only in first call (TOFU model - Trust On First Use). But without key continuity, you have to cross-check SAS in every call to avoid potential MITM attack.
from textsecure.
I think it would be wise to keep the diff of the websocket-branch absolutely minimal as long as there is a chance of it being merged upstream. Iff this can be ruled out, one should think about a real fork (with potentially different features).
from textsecure.
@h-2 This is really important basic security feature, without it even cSipSimple (or any other SIP client which supports ZRTP) is much more secure than Signal.
from textsecure.
@xmikos the other thread suggests that it might be a temporary change. Also I think that as long as we want something from moxie (i.e. to accept the patch) we should not pick other fights with him. Its not very polite or smart ;) We can discuss it afterwards, and ultimately we would want the feature to be active for mainline TS users, as well.
from textsecure.
@h-2 I surely hope that it is only temporary while Signal is in beta. But Moxie didn't write anything to assure us that it is indeed like that. Btw. I don't believe anymore that WebSocket support will ever get merged upstream.
from textsecure.
Related Issues (20)
- Can read old messages despite no password was entered HOT 7
- Pull from upstream to get Signal for Chrome HOT 3
- Huge message delays HOT 34
- No notification on receiving message HOT 3
- Create a more verifiable or transparent process for websocket releases? HOT 2
- Crash when wanting to read message on Android 6
- Making Better Decisions HOT 3
- Our relationship with LibreSignal HOT 74
- LibreSignal asks for Google Play Services HOT 5
- MMS Nonfunctional - Websocket version. HOT 3
- Update to v3.10.0 HOT 13
- 3.10.0 HOT 4
- New Push service HOT 1
- Happy I-Love-Free-Software-Day!
- Update F-Droid repository HOT 5
- Unable to build HOT 7
- Unable to checkout features/websocket-reborn as per wiki HOT 2
- Can't play Video HOT 1
- keeping settings and data HOT 8
- Update to 3.16 HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from textsecure.