[messaging] Identity keys and fingerprints
David Leon Gil
coruus at gmail.com
Mon Jan 5 22:03:05 PST 2015
On Mon, Jan 5, 2015 at 4:18 PM, Trevor Perrin <trevp at trevp.net> wrote:
> The most practical approaches are probably either synchronizing the
> identity key between devices, or using it to sign device keys. Either
> way, adding a new device might increase communication in (f), since
> Alice might have to retrieve additional device-specific prekeys,
> and/or signed device keys.
There is no need for an "identity key" to sign anything except an
initial device key. Just chase cross-signatures back to a
distinguished (by some flag) identity key that is stored offline, and
use a hash of that as the fingerprint:
    xsign(device0t0, identity)
    xsign(device0t0, device1t0)
    xsign(device0t1, device2t0)
    chase_fingerprint(device2) == hash(identity)
(Many thanks to Yan for suggesting this approach to stable
fingerprints, though I don't know that she endorses it.)
This neatly avoids exposing any long-term keys to additional risk of compromise.
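
The chain walk described in the message above, as an added example that is not part of the original post or of any project's code. Assumptions made here: Ed25519 signatures and SHA-256 as the hash, the `Link` record layout, the `xsign-v1:` prefix, a boolean on the link as the distinguishing flag, and reading the `tN` suffix as the time of signing rather than a separate key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Link is one cross-signature: Parent and Child each sign the other's public key.
type Link struct {
	Parent, Child       ed25519.PublicKey
	ParentSig, ChildSig []byte
	ParentIsIdentity    bool // the distinguishing flag (encoding assumed for this example)
}
func fingerprint(k ed25519.PublicKey) [32]byte { return sha256.Sum256(k) }
func msg(k ed25519.PublicKey) []byte           { return append([]byte("xsign-v1:"), k...) }
func xsign(parent, child ed25519.PrivateKey, isIdentity bool) Link {
	p, c := parent.Public().(ed25519.PublicKey), child.Public().(ed25519.PublicKey)
	return Link{p, c, ed25519.Sign(parent, msg(c)), ed25519.Sign(child, msg(p)), isIdentity}
}
func (l Link) valid() bool { // sizes first: ed25519.Verify panics on a wrong-sized key
	return len(l.Parent) == ed25519.PublicKeySize && len(l.Child) == ed25519.PublicKeySize &&
		ed25519.Verify(l.Parent, msg(l.Child), l.ParentSig) &&
		ed25519.Verify(l.Child, msg(l.Parent), l.ChildSig)
}

// chaseFingerprint follows verified links from dev up to the flagged identity key; each link is used once, so loops end.
func chaseFingerprint(dev ed25519.PublicKey, links []Link) ([32]byte, error) {
	for i, l := range links {
		if l.Child.Equal(dev) && l.valid() {
			if l.ParentIsIdentity {
				return fingerprint(l.Parent), nil
			}
			rest := append(append([]Link{}, links[:i]...), links[i+1:]...)
			return chaseFingerprint(l.Parent, rest)
		}
	}
	return [32]byte{}, fmt.Errorf("no verified path from %x to an identity key", dev)
}
func pageExample() []Link { // the post's three xsign lines, built from constructed keys
	var k [4]ed25519.PrivateKey // identity, device0, device1, device2
	for i := range k {
		_, k[i], _ = ed25519.GenerateKey(nil) // nil selects crypto/rand
	}
	return []Link{xsign(k[0], k[1], true), xsign(k[1], k[2], false), xsign(k[1], k[3], false)}
}

func main() {
	l := pageExample() // l[0].Parent is the identity key, l[2].Child is device2
	fp, err := chaseFingerprint(l[2].Child, l)
	fmt.Println(fp == fingerprint(l[0].Parent), err)
}
```

The returned value only means something when it is compared with a fingerprint that was verified out of band, because the flag in this example is not itself authenticated.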