[messaging] Multiple devices and key synchronization: some thoughts

Trevor Perrin trevp at trevp.net
Fri Jan 2 12:44:46 PST 2015


On Fri, Jan 2, 2015 at 1:35 AM, Michael Rogers <michael at briarproject.org> wrote:
>
> * The existing device introduces the new device to the user's other devices (if any) and the user's contacts' devices. This involves brokering a key exchange between each pair of devices to set up an encrypted and authenticated link.


That's a reasonable addition.

Without a single "master" or "identity" key though, I'm not sure how
TOFU or out-of-band verification (like "fingerprints") would work.

For example, suppose I wanted to print something on my business card
that was sufficient for someone to send a message that all my devices
can decrypt.

That's possible with a single master key, or with signatures, since
someone could lookup my public key from the fingerprint and perhaps
signatures from that key over device-specific keys.

But it doesn't seem possible with this new proposal, since it would
require interaction with one of my devices to "broker" knowledge of my
other devices?


Trevor


More information about the Messaging mailing list