by wruza 3319 days ago
I once read an article on messaging security, and non-standard clients were mentioned there as another serious attack vector. If you have only one client, controlled by the service provider, it is somewhat easier to reason about its quality. But if your peer can have any client, then your conversation is at risk, because your peer may not be hygienic enough, so an exploit message may be sent to it from another contact, and that will send all conversations to a third party. E.g., though XMPP/OTR is somewhat secure by itself, random security-unaware XMPP clients (there are tons of these) are a big concern.

The weakness of a chain is still defined by its weakest link. This is a case where it may be better to put all your eggs in one basket and choose/validate entire baskets, not particular eggs.

I'm not a security expert, but that sounds reasonable imo.