In XMPP there is a over 14 years of experience with end to end encryption in distributed chat systems. After 4 standards for e2e encryption, we are still not content. So what makes it so hard to come up with a good encryption standard? Well, to name some of the issues: - what is the threat model e2e encryption should protect against? - what about the metadata? - what about audit trails? - what about archives? - what about group chats? - what about multiple devices? - what about key-verification? After this talk you will never look at e2e encrypted chats in the same way again.
In XMPP there is a over 14 years of experience with end to end encryption in distributed chat systems. After 4 standards for e2e encryption, we are still not content. So what makes it so hard to come up with a good encryption standard? Well, to name some of the issues: - what is the threat model e2e encryption should protect against? - what about the metadata? - what about audit trails? - what about archives? - what about group chats? - what about multiple devices? - what about key-verification? After this talk you will never look at e2e encrypted chats in the same way again.