[messaging] Multiple devices and key synchronization: some thoughts

Trevor Perrin trevp at trevp.net
Tue Jan 6 10:05:23 PST 2015


On Tue, Jan 6, 2015 at 9:44 AM, Michael Rogers <michael at briarproject.org> wrote:
>
>> What if Bob has ten thousand people he's ever corresponded with?
>
> Then ten thousand people will want to know about his new device,
> regardless of which approach we take to key sync.
>
[...]
>> My argument is that instead of updating everyone that might be
>> remembering your identity info, it's easier to leave that info
>> unchanged and just sign the new device's key, or synchronize the
>> existing private key to the new device.
>
> That's fine if you don't want anyone to know about the new device. :-)
> Otherwise you'll eventually want to tell people about it.
>
[...]
> As I said before, I don't think the approach I described has any
> obvious advantages over the master key approach. I just thought that
> since we were enumerating possible approaches, I should mention an
> approach that we're thinking of taking with Briar, because it's a bit
> different from the other approaches that were described. I'm not
> trying to persuade you it's the One True Approach - I'm just
> describing it.


OK.  Fair point that there's different ways to skin this cat, I had
lost track whether we were arguing or not...

I guess my point is that in a system like TextSecure, where each user
has a single identity public key, and where Alice has to contact Bob's
mailbox server to deliver a message, it's nice and easy for the
mailbox to tell Alice if Bob has new devices.

I think this is a good approach, and am happy that Bob doesn't have to
proactively message each of his correspondents when he adds a device.
But I can appreciate this isn't possible in all systems.

Trevor


More information about the Messaging mailing list