
Show HN: Mentat – group chat with tags and pretty good privacy - kenforthewin
https://github.com/kenforthewin/mentat
======
badrabbit
> When you first join a chat room, a personal keypair will be generated and
> stored in browser storage. If you are the creator of this room, the client
> will also generate a keypair for the room

I'm trying to wrap my head around the security model here. What bothers me is
the key distribution problem and the fact that a server still has to handle
key distribution messages.

With PGP, a "web of trust" is assumed where people have static long-lived
public keys you can verify using existing trust relationships. The key pair in
this app is being generated as you join or participate which makes "web of
trust" impossible to use.

So,I am assuming the security model is similar to end to end chat apps like
signal? Those protocols assume the initial key exchange was authenticated by
the users out of band and allow users to verify the "safety number". They
assume the users already know each other and can succesfully perform out of
band authentication for at least the first key exchange.

My question is, is there a "safety number" for mentant? Is it straight forward
and obvious when navigating the UI? (Signal's isn't) and will the compromise
of an old key pair (personal or room forward secrecy) result in compromise of
future messages?

If you security is done right I love the idea,especially if you can integrate
existing user directories (AD/ldap for example) where user keys for the chat
can be verified in the directory db.

~~~
kenforthewin
You're right in concluding that Mentat doesn't use the web of trust concept
from PGP. Each device is assigned a UUID which serves as the safety number
binding ownership between a keypair and a device. This number isn't displayed
yet which is a clear flaw but a quick one to fix. See this issue for more of
my idea on identity and proving ownership of keys:
[https://github.com/kenforthewin/mentat/issues/50](https://github.com/kenforthewin/mentat/issues/50)

Thanks for the insightful comment.

~~~
badrabbit
Thanks for taking the time to respond,I will look at the issue.

------
fredley
I created a room, but I wasn't asked to set a name on creation, nor can I
change it (seems broken). Also I have no idea how to actually invite anyone
else to chat with me...

[https://groupchat.kenforthewin.com/t/b001beb0-7273-11e8-82a9...](https://groupchat.kenforthewin.com/t/b001beb0-7273-11e8-82a9-9fd3977a1a5c)

------
zimablue
There's already a mentat, name change please

~~~
fnordsensei
Having recently been involved in trademarking some company assets, it seems
that the rule of thumb is that it's ok to use a name if it's not already taken
by a _competing_ company or service. This is also particular to a region.
Finding a good name that works across the world is a headache.

There will be tons of overlap in open source software, always. No point in
getting upset about it. Most of the time, the purpose of the software is
completely different.

That being said, I think this is a good rule of thumb out of courtesy and good
judgement, even if trademarks are not involved. It just leads to dilution of
both brands/projects, if they are similar enough in what they do.

For this, I'm only aware of Mozilla's Project Mentat [1], but no problem
there.

1: [https://github.com/mozilla/mentat](https://github.com/mozilla/mentat)

~~~
mrpippy
Mentat was also a company in the early 90s, they made a portable STREAMS
implementation that was used in MacOS Open Transport, among other OSes

[https://en.m.wikipedia.org/wiki/Mentat_Portable_Streams](https://en.m.wikipedia.org/wiki/Mentat_Portable_Streams)

~~~
Fnoord
The name Mentat is derived from the Dune universe.

Quoting: "A Mentat is a fictional type of human, presented in Frank Herbert's
science fiction Dune universe. In an interstellar society that fears a
resurgence of artificial intelligence and thus prohibits computers, Mentats
are specially trained to mimic the cognitive and analytical ability of
electronic computers." [1]

[1]
[https://en.wikipedia.org/wiki/Mentat](https://en.wikipedia.org/wiki/Mentat)

------
valeg
[http://fallout.wikia.com/wiki/Mentats](http://fallout.wikia.com/wiki/Mentats)

~~~
cup-of-tea
[http://dune.wikia.com/wiki/Mentat](http://dune.wikia.com/wiki/Mentat)

