What advantage does Signal protocol have over basic public key encryption?
Karl
gmkarl at gmail.com
Mon Jan 25 11:06:51 PST 2021
> On 1/24/21, David Barrett <dbarrett at expensify.com> wrote:
>> Hi all, I'm the CEO a company called Expensify, developing a new open
>> source chat application at https://Expensify.cash. I was pretty
>> prolific on the p2p-hackers mailing list back in the day, but this is my
>> first post to Cypherpunk, so... hi!
>
> Punk's comment on javascript has merit. It's hard to secure
> javascript. It's gotten easier, but it's still designed for the web,
> where everything you do is handed to you by a stranger.
Re Signal and Javascript, Signal offers its code in a signed binary,
and offers the source to that binary for anybody to build and check.
I'm not aware that javascript has a way to provide cryptographic
signatures of its code, but I've been out of the loop for a while.
Basically a number of the design choices around signal demonstrate
trust. Some do not. But more than most projects out there.
More information about the cypherpunks
mailing list