[messaging] Group messaging consistency under resource constraints

Trevor Perrin trevp at trevp.net
Fri Oct 10 13:06:21 PDT 2014

On Fri, Oct 10, 2014 at 11:35 AM, Ximin Luo <infinity0 at pwned.gg> wrote:
> On 10/10/14 17:09, Trevor Perrin wrote:
>> In an asynchronous setting you can't assume other parties are online
>> to retransmit.  With no central server to retransmit, how does your
>> algorithm work?
> It works by having everyone be a potential re-sender, of everyone else's ciphertext. (Only the ciphertext is cached, not e.g. ratchet secrets derived from them.) So yes, it doesn't work if there is one person who is never online at the same time as anyone else.
> But in such a case, you would need a server to cache the ciphertext *anyway*, for that person to receive *any messages at all*. A non-caching server doesn't help reliability, only performance/efficiency - since the original sender could have just used separate individual transports (without the central server) to deliver to those recipients directly via other routes. And once you build the caching server, it's not much effort to have it attempt retransmits periodically.

It's true that the asynchronous setting requires a message to be
stored somewhere, awaiting delivery.

But I disagree that it's "not much effort" for this somewhere to
retransmit messages to anyone in a group who asks.  That's not how
transports like (SMS, Google Cloud Messaging, email, Pond, or mix
networks) work.

I think your original question was directed at TextSecure.  TextSecure
already supports a few different transports, and may need to support
more in the future.  So anything we do with "transcript consistency"
needs to work within the premise that message delivery is asynchronous
and unreliable.


[1] https://moderncrypto.org/mail-archive/messaging/2014/000372.html

More information about the Messaging mailing list