[messaging] Forward secrecy and multiple devices
tom at ritter.vg
Sat Nov 1 18:03:18 PDT 2014
On 31 October 2014 10:50, Moxie Marlinspike <moxie at thoughtcrime.org> wrote:
> 5) The server enforces that new incoming messages are encrypted to both

This bit seems like it would lead to problems/overhead. As device A
already has a session with device B, it's tempting to say "Well A
would just forward it to B" but it assumes A is online all the time.
That's obviously not acceptable.

Carol wants to send a message to Alice, but doesn't know Alice added a
device. She sends it, and it gets kicked back to her for re-encrypting
to multiple keys. (Which of course sounds a little scary, but the new
key is certified.)

The 'server' may not be a 'server' but a network of servers which must
either synchronize state or require some server be the authority for

None of them are insurmountable, just added complexity. I'd be
curious if any of them were particularly painful for you when you went
down that route.
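
The kick-back flow discussed in this message, as an added sketch that is not part of the original post or of any project's code. `Server`, `StaleDevices`, `send` and `is_certified` are hypothetical names, encryption is a placeholder string, and the certification check is passed in as a callback rather than implemented.

```python
# Added illustration; every name here is hypothetical, not a real server API.
class StaleDevices(Exception):
    """Kick-back from the server: device ids the sender must add or drop."""
    def __init__(self, missing, extra):
        super().__init__(f"missing={sorted(missing)} extra={sorted(extra)}")
        self.missing, self.extra = missing, extra

class Server:
    def __init__(self):
        self.devices = {}  # user -> set of registered device ids
        self.queues = {}   # (user, device id) -> queued envelopes

    def submit(self, recipient, envelopes):
        """Accept only a message with exactly one envelope per registered device."""
        registered = self.devices.get(recipient, set())
        addressed = set(envelopes)
        if addressed != registered:
            raise StaleDevices(registered - addressed, addressed - registered)
        for dev, envelope in envelopes.items():
            self.queues.setdefault((recipient, dev), []).append(envelope)

def send(server, known, recipient, text, is_certified, max_attempts=3):
    """Deliver text to every device of recipient; return the round trips used.
    known maps recipient -> device ids the sender has sessions with.
    is_certified(recipient, dev) is the sender's own check that the device key
    is certified by the recipient's identity key (verification not modelled).
    """
    for attempt in range(1, max_attempts + 1):
        # Placeholder string standing in for per-device session encryption.
        envelopes = {d: f"ct[{recipient}/{d}]({text})" for d in known.get(recipient, set())}
        try:
            server.submit(recipient, envelopes)
            return attempt
        except StaleDevices as stale:
            # Never add a device on the server's word alone.
            for dev in stale.missing:
                if not is_certified(recipient, dev):
                    raise PermissionError(f"uncertified device {dev} for {recipient}")
            known[recipient] = (known.get(recipient, set()) | stale.missing) - stale.extra
    raise RuntimeError("device list changed on every attempt")

def demo():
    server, known = Server(), {"alice": {1}}   # constructed sample state
    server.devices["alice"] = {1}
    check = lambda user, dev: (user, dev) in {("alice", 1), ("alice", 2)}
    first = send(server, known, "alice", "hi", check)
    server.devices["alice"].add(2)             # Alice adds a second device
    second = send(server, known, "alice", "hello", check)
    return first, second, known["alice"], server
```

The second `send` in `demo` takes two round trips: the rejected attempt queues nothing, and the retry is only made after the sender's own certification check passes.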