[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
tox
- To: [email protected]
- Subject: tox
- From: [email protected] (Juan)
- Date: Sun, 27 Sep 2015 23:50:32 -0300
- In-reply-to: <CAJVRA1RXL6TCMuQUFtMXEiZuoCM_1znd=RV_XPx0u9TABTDPNw@mail.gmail.com>
- References: <[email protected]> <CAJVRA1RXL6TCMuQUFtMXEiZuoCM_1znd=RV_XPx0u9TABTDPNw@mail.gmail.com>
On Sat, 26 Sep 2015 20:52:01 -0700
coderman <[email protected]> wrote:
> On 9/26/15, Juan <[email protected]> wrote:
> > ...
> > I've been playing with tox(thanks rysiek!) and it looks
> > rather interesting. I noticed however that it's not listed here
> >
> > https://www.eff.org/secure-messaging-scorecard
>
> i am not saying the scorecard is worthless, but rather, it is at best
> a signal for subpar projects doing things obviously wrong.
Oh, I wasn't commenting on the security of the software listed
or tox in particular.
What I meant is that tox is an interesting project and maybe
more publicity from eff would help.
>
> it cannot tell you, honestly, who is doing it all right. (not least
> because "right" is relative to risk and threat model, which is
> perspective unique to each user...)
>
>
> things that are good about Tox.chat:
> - Opus for media. if you don't know about the Opus Codec, you should!
> VP8 i don't care about either way.
> - Re-uses onions, rather than trying to build its own anonymity
> overlay for friend finding.
> - Uses cryptobox for crypto stuffs, rather than rolling own.
> - Supports clients of various types, per preference, rather than
> monolithic structure.
>
> the bad:
> - written in C and passing things around potentially unsafely. see the
> address parsing in network.c, the DHT code. needs a good audit.
> - poor network performance primitives with UDP - ok, not a problem
> because this won't need that scale - beauty of decentralization! :)
> - DHT is trivial to DoS. a known issue, but if you need survivability
> i'd chose pond over tox.
>
>
> best regards,