John Brooks

Wow, this is an old issue. It's about time to get this done. Let's talk about file transfers. This is partly requesting feedback, partly trying to convince myself, and partly...

> - Without client authentication on the download, are there any attack vectors worth noting? I can't think of any that would be critical to the threat model...but for the...

> I wonder why you would want to save an additional content-type apart from a user visible file name extension? Could that possibly lead to confusion on the receiver side...

This seems to happen rarely, in rapid back-and-forth conversation, and I think it has always appeared above an outgoing message. Maybe there is something that confuses the date comparison; the...

@gabedwrds good catch. This is happening because of the [message reordering](https://github.com/ricochet-im/ricochet/blob/master/src/core/ConversationModel.cpp#L173). The incoming message's timestamp is the time when it was received, which will be a newer timestamp than the...

There's some older discussion on this in #31, but it's so out of date that I am going to break my pattern and keep this issue. Ricochet is packaged for...

Latest from the TAILS side indicates that everything could align to include Ricochet around TAILS 3.0 (~2017-06). They need their Debian version update to land before Ricochet packages are available.

> First, it would be nice to have password protection similar to Bitcoin password protection. This is an interesting one. Ideally, the entire `config` folder should be encrypted: it contains...

There is discussion on #30 about storing hidden service keys. Tor has a bunch of related tickets under https://trac.torproject.org/projects/tor/ticket/8993. I promised to sketch out a control API that would be...

Tor 0.2.7.x has an ADD_ONION control API, which is sufficient for us to encrypt Ricochet's configuration and the hidden service data. Tor's configuration and state files will remain unencrypted -...