I just returned from the 37C3 congress in Hamburg. One of the talks was about the recently published Messaging Layer Security protocol (RFC 9420), which was finalized by the IETF in July 2023.

The protocol is already deployed through Webex and will most likely be implemented by other commercial and non-commercial services (such as Matrix or Signal chat). It may be worth considering for Discourse chat too.


RFC is at:

To be honest, I don’t see us having time to implement end-to-end encryption for chat this year.


As someone who would love this feature and also understands it might take a lot of time and money to not only build it but maintain it…and also someone who has no idea how much time and money…but is curious because maybe there could be ways to achieve such goals…

Does anyone have any estimate on how much time/money it might require to build and maintain Discourse chat encryption?

A lot, if I had to guess a number … building is, say, 6 months of engineering. Maintaining is another 4 months of engineering per year.

But it is very hard to estimate here, I am just going by my gut.


I appreciate that, and maybe a dumb follow-up question, when you say 6 and 4 months of engineering, what do you mean by “months of engineering”?

Is that one person doing 160 hours of work? Many people at 160 hours?

There is a mythical man-month at play; this is probably a 1-2 person job, and any more would just start slowing this down.


@sam There even could be some funding for such efforts: