[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#733860: ITP: pond -- Forward secure, asynchronous messaging for the discerning.

Package: wnpp
Severity: wishlist
Owner: Ximin Luo <infinity0@gmx.com>

* Package name    : pond
  Version         : 0:git~2014-01-01
  Upstream Author : Adam Langley <agl@imperialviolet.org>
* URL             : https://pond.imperialviolet.org/
* License         : BSD
  Programming Lang: Go
  Description     : Forward secure, asynchronous messaging for the discerning.

For secure, synchronous communication we have OTR and, when run over Tor, this is pretty good. But while we have secure asynchronous messaging in the form of PGP email, it's not forward secure and it gratuitously leaks traffic information. While a desire for forward secure PGP is hardly new, it still hasn't materialised in a widely usable manner.

Additionally, email is used predominately for insecure communications (mailing lists, etc) and is useful because it allows previously unconnected people to communicate as long as a (public) email address is known to one party. But the flip side to this is that volume and spam are driving people to use centralised email services. These provide such huge benefits to the majority of email communication, so it's unlikely that this trend is going to reverse. But, even with PGP, these services are trusted with hugely valuable traffic information if any party uses them.

So Pond is not email. Pond is forward secure, asynchronous messaging for the discerning. Pond messages are asynchronous, but are not a record; they expire automatically a week after they are received. Pond seeks to prevent leaking traffic information against everyone except a global passive attacker.

Reply to: