Discussion:
[whispersystems] Signal Server source code
Michel Le Bihan
2016-03-20 17:07:30 UTC
Permalink
It would be really great if OWS released RedPhone server source code. I
think it's very important that the server is FOSS to.

As for support questions, they can be asked on the forum and other
users would reply to them. OWS wouldn't have to do anything in such a
case.

I hope that OWS will reconsider their decision on this topic.
Stephen Michel
2016-03-20 17:20:51 UTC
Permalink
Post by Michel Le Bihan
It would be really great if OWS released RedPhone server source code. I
think it's very important that the server is FOSS to.
As for support questions, they can be asked on the forum and other
users would reply to them. OWS wouldn't have to do anything in such a
case.
I hope that OWS will reconsider their decision on this topic.
1) Even with source release, we're still trusting that the running
server is an unmodified copy. Fortunately, everything is end-to-end
encrypted; the security model doesn't rely on trusting the server (with
call contents, obviously potentially sensitive metadata is available).
2) Release of the RedPhone server code is still important. If Signal is
targeted and forced to take their service offline (or if the service is
blocked, like it actually has been in some areas of the world), we need
to be able to replace it.
3) My understanding -- correct me if I'm wrong -- was that OWS intends
to release the Redphone server source, but has decided it is not a
priority.
Michel Le Bihan
2016-03-25 20:36:10 UTC
Permalink
Post by Michel Le Bihan
It would be really great if OWS released RedPhone server source
code. 
I
think it's very important that the server is FOSS to.
As for support questions, they can be asked on the forum and other
users would reply to them. OWS wouldn't have to do anything in such a
case.
I hope that OWS will reconsider their decision on this topic.
1) Even with source release, we're still trusting that the running 
server is an unmodified copy. Fortunately, everything is end-to-end 
encrypted; the security model doesn't rely on trusting the server
(with 
call contents, obviously potentially sensitive metadata is
available).
Yes, but it would be interesting to run it and analyze it...
Also, please read https://github.com/JavaJens/TextSecure/issues/44
2) Release of the RedPhone server code is still important. If Signal
is 
targeted and forced to take their service offline (or if the service
is 
blocked, like it actually has been in some areas of the world), we
need 
to be able to replace it.
3) My understanding -- correct me if I'm wrong -- was that OWS
intends 
to release the Redphone server source, but has decided it is not a 
priority.
AFAIK OWS doesn't want to release the Redphone server source, but I
want to convince them to do so...
Stephen Michel
2016-03-25 21:23:30 UTC
Permalink
Post by Michel Le Bihan
Post by Stephen Michel
Post by Michel Le Bihan
It would be really great if OWS released RedPhone server source
code.
1) Even with source release, we're still trusting that the running
server is an unmodified copy. Fortunately, everything is end-to-end
encrypted; the security model doesn't rely on trusting the server (with
call contents, obviously potentially sensitive metadata is
available).
Yes, but it would be interesting to run it and analyze it...
Also, please read https://github.com/JavaJens/TextSecure/issues/44
That's... honestly a little concerning.
Post by Michel Le Bihan
Post by Stephen Michel
2) Release of the RedPhone server code is still important. If Signal is
targeted and forced to take their service offline (or if the service is
blocked, like it actually has been in some areas of the world), we need
to be able to replace it.
3) My understanding -- correct me if I'm wrong -- was that OWS intends
to release the Redphone server source, but has decided it is not a
priority.
AFAIK OWS doesn't want to release the Redphone server source, but I
want to convince them to do so...
Does anybody have context on whether OWS does or doesn't want to
release Redphone source, and their reasons?

Loading...