This is nothing special
It is the reliance on out-of-band key exchange that prevents general adoption of schemes like this. People like convenience, and true security is not convenient.
BitTorrent wants to (a) take another step towards either respectability, or (b) take itself further outside the mainstream by defying Uncle Sam (take your pick), announcing that it's trialling a secure, serverless messaging application. The P2P messaging system is taking alpha sign-ons now, here. The idea is that if messages …
AIUI there would be nothing (patents aside) to stop BitTorrent Inc. from creating client software which uses one of their own servers for the "out-of-band" exchange. Nor anyone else who wants to run such a service, or create such a client.
That key exchange and directory services are not built into the communication protocol is probably a good thing, overall. "Do one thing, and do it well."
Upvoted, but there is a slight difference to other schemes. There's little need to spend on marketing and torrenters probably have servers running rather than a Mac Air which switches off after 60 seconds of inactivity.
Probably the best thing to do is offer a Bluetooth-like pairing (but with more complexity) so you can configure/accept "friend requests" with easy to remember, but long phrases (http://xkcd.com/936/). Also torrenters have slightly more tech know-how or dedication than your average fb user, so they've got a good starting userbase.
The "special" doesn't have to be in the tech, it might just be in the target-market selection and the ability to survive without profit or government interference.
It's called Retroshare, and it does exactly what this new software claims it will do. Except it does it in a fairly mature manner already. Cross-platform, stable. Encrypted IM with peer authentication, plus mail function, file sharing and even decentralised forums. Why start over from scratch when there is already a piece of software available that does the job fairly well?
>RetroShare is a cross-platform private p2p sharing program. It lets you share securely your friends, using a web-of-trust to authenticate peers and OpenSSL to encrypt all communication
Source: http://sourceforge.net/projects/retroshare/
If I remember correctly, there is concern that SSL is not secure from attacks by the three- (and four-) letter agencies. The BitSync application uses AES256. I'm not a crypto expert, though, just sayin' that the two aren't exactly equivalent.
Sort of. SSL isn't a cipher as such. It's a means of negotiating which cipher to use. There is concern that the defaults most software uses may be vulnerable (in particular, a lack of forward secrecy), but it's a simple operation to drop those and use better ones if both ends support it.
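Added example, not part of any comment in this thread: a Python sketch of the cipher-list change the comment above describes, comparing a constructed legacy cipher string that still permits static-RSA key exchange with one restricted to ephemeral (forward-secret) suites. The cipher strings and function names are assumptions chosen for illustration.

```python
import ssl

# OpenSSL key-exchange labels (the "kea" field) that use ephemeral (EC)DH.
# TLS 1.3 suites report "kx-any"; TLS 1.3 key exchange is always ephemeral.
FS_KEA = {"kx-ecdhe", "kx-dhe", "kx-ecdhe-psk", "kx-dhe-psk", "kx-any"}

# Constructed cipher strings for illustration (assumptions, not from the thread).
LEGACY_CIPHERS = "kRSA+AESGCM:ECDHE+AESGCM"              # still allows static RSA
HARDENED_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL"  # ephemeral ECDH only


def make_context(cipher_string):
    """Client-side context whose TLS 1.2 suites come from cipher_string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return ctx


def split_by_forward_secrecy(ctx):
    """Return (forward_secret, not_forward_secret) suite names enabled on ctx."""
    fs, non_fs = [], []
    for suite in ctx.get_ciphers():
        target = fs if suite.get("kea") in FS_KEA else non_fs
        target.append(suite["name"])
    return fs, non_fs


if __name__ == "__main__":
    for label, spec in (("legacy", LEGACY_CIPHERS), ("hardened", HARDENED_CIPHERS)):
        fs, non_fs = split_by_forward_secrecy(make_context(spec))
        print(f"{label}: {len(fs)} forward-secret, {len(non_fs)} without: {non_fs}")
```

Both peers have to offer at least one suite in common, so the hardened list only works when the other end also supports ephemeral key exchange.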
>Why start over from scratch when there is already a piece of software available that does the job fairly well?
You shouldn't, but sometimes marketing demands it. BT has mindshare; Retroshare, whatever its technical merits, doesn't have that.
Ideally, BT would join with RS but sometimes egos get in the way.