Don’t Use Session (Signal Fork)
Last year, I outlined the specific requirements that an app needs to have in order for me to consider it a Signal competitor. Afterwards, I had several people ask me what I think of a Signal fork called Session. My answer then is the same thing I'll say today: Don't use Session. The main reason I said to avoid Session, all those months ago, was simply due to…
http://soatok.blog/2025/01/14/dont-use-session-signal-fork/
=> More informations about this toot | More toots from soatok@furry.engineer
@soatok do noise or MLS explicitly prevent KCI?
=> More informations about this toot | More toots from risottobias@tech.lgbt
@soatok ooo smarter question: how does signal prevent KCI?
=> More informations about this toot | More toots from risottobias@tech.lgbt
@risottobias Ratcheting protocols
=> More informations about this toot | More toots from soatok@furry.engineer
@risottobias See also, https://github.com/soatok/rawr-x3dh :P
=> More informations about this toot | More toots from soatok@furry.engineer
@soatok but how would that prevent e.g. the federated key exchange starting point of your implementation?
Like they start with a first key no?
=> More informations about this toot | More toots from risottobias@tech.lgbt
@risottobias The key thing I'm building is for signing keypairs.
Those keypairs sign an ephemeral public key. There is no long-term x25519 public key in my design.
=> More informations about this toot | More toots from soatok@furry.engineer
@soatok also, on a signal ratchet, aren't the ratchet negotiations also "in band"?
=> More informations about this toot | More toots from risottobias@tech.lgbt
text/geminiThis content has been proxied by September (ba2dc).