Talk:Signal Protocol
This is the talk page for discussing improvements to the Signal Protocol article. This is not a forum for general discussion of the article's subject.
This article is rated C-class on Wikipedia's content assessment scale. It is of interest to multiple WikiProjects.
The following references may be useful when improving this article in the future:
How the protocol functions
The article is currently missing information about how the Signal Protocol combines the Double Ratchet Algorithm, prekeys, and a triple Diffie–Hellman (3-DH) handshake. A detailed overview can be found in Frosch et al. 2014. --Dodi 8238 (talk) 10:47, 26 September 2016 (UTC)
- Cohn-Gordon et al. 2016 provides a more up-to-date description. Its authors explicitly state that "the Signal Protocol has changed substantially since [the Frosch et al.] analysis of TextSecure." --Dodi 8238 (talk) 23:18, 27 October 2016 (UTC)
Closed vs Open source
I have put in that WhatsApp, Google Allo, and Facebook claim to use this protocol, because I think it's significant to know the difference between the implementation in apps which are open source and are studied, and the claims of proprietary closed source clients (apps), which might reveal a user's private keys without the user's knowledge, and thus depend entirely on believing Facebook, or Google, who do have an economic interest in knowing the content of the user's communications. Brinerustle (talk) 08:12, 23 December 2016 (UTC)
- Are you able to provide reliable sources that discuss this? Saying that WhatsApp, Facebook Messenger and Google Allo "claim" to use the protocol implies that their statements' credibility has been called into question (see WP:CLAIM). Unless you can provide reliable sources that have called into question their statements' credibility, then we should not imply that this has happened. There is currently no evidence of these companies revealing their users' private keys without their users' knowledge. In order to maintain a neutral point of view and avoid original research, we should use clear, direct language, and let verifiable facts alone do the talking. Keep in mind that, in determining proper weight, we consider a viewpoint's prevalence in reliable sources, not its prevalence among Wikipedia editors or the general public (see WP:WEIGHT). --Dodi 8238 (talk) 09:08, 23 December 2016 (UTC)
- I disagree with the above interpretation of Brinerustle's use of "claim" in this case. The relevant section (per my reading) of WP:CLAIM states: "To write that someone asserted or claimed something can call their statement's credibility into question, by emphasizing any potential contradiction or implying a disregard for evidence." To state that use of "claim" can call someone's credibility into question does not mean that such use implies such a questioning. In this particular case, the claim is one about an implementation of software solely controlled by the entity making the claim, since that entity has exclusive access to both the software's source code and to its build process. No such claim can be verified by any outside party. Other parties can, by observing the action of the software at runtime, attempt to verify that the software performs according to the protocol its controlling entity claims it implements; but without access to the source code and the build process, no one can demonstrate that the software implements the protocol *correctly* and without any bad behavior. The claim is made in absence of evidence (the only possible evidence is actively withheld by the claiming parties), so IMO the mere statement that the various products implement the protocol is a "claim". Koanhead (talk) 02:52, 29 December 2017 (UTC)
- Exactly. What is currently missing is evidence for the statement "it has since been implemented". I agree that there is no evidence for the private keys being exposed, but there is also no evidence for the implementation. It needs restating, I will give it another go. Brinerustle (talk) 09:42, 14 April 2018 (UTC)
Add Encryption Protocols information
The following is a quote from the Wiki article on Signal [1], which is the first software that implemented the Signal Protocol --
"Signal messages are encrypted with the Signal Protocol (formerly known as the TextSecure Protocol). The protocol combines the Double Ratchet Algorithm, prekeys, and a Triple Diffie-Hellman (3XDH) handshake. It uses Curve25519, AES-256, and HMAC-SHA256 as primitives."
This information needs to be added to this article. I believe the format for such information has already been established.
Thanks — Preceding unsigned comment added by Dshorter (talk • contribs) 14:39, 18 September 2018 (UTC)
Export and Import Restrictions
Are there any countries that restrict the export and import of technologies using the protocol? If so, that information should be added to this article. Squideshi (talk) 22:35, 30 March 2019 (UTC)
Proposed merge of Post-Quantum Extended Diffie-Hellman into Signal Protocol
The history section could be updated with the new extension and pretty much all the content of the PQXDH article could be copied over, maybe trimmed a little but not much. Alpha3031 (t • c) 14:58, 27 October 2023 (UTC)
- I counter-propose that the Post-Quantum Extended Diffie-Hellman article be merged instead with Diffie–Hellman key exchange, where it more appropriately belongs. Diffie-Hellman is a PART of Signal protocol, not the same thing. Epachamo (talk) 23:32, 8 December 2023 (UTC)
- Given this uncontested counterproposal, let's move to discuss this over at Talk:Diffie–Hellman key exchange, tagging Diffie–Hellman key exchange. Klbrain (talk) 14:57, 28 January 2024 (UTC)