[messaging] Multiple devices and key synchronization: some thoughts

David Gil dgil at yahoo-inc.com
Sat Jan 3 15:51:04 PST 2015

On Saturday, January 3, 2015 8:15 AM, Joseph Bonneau <jbonneau at gmail.com> wrote:

> However, I think it's also possible (and indeed common) to
> make a design error by assuming all users have the same values
> as we do, or would "if only they knew" and therefore we should
> try to force them into a high level of security.

I certainly don't think that; I do think that we can achieve a
very high level of security while not being any harder to use
than some password synchronization services.

> Personally, I think many users' desire for end-to-end security
> ends well short of printing backup codes 

Quite likely.

> or running a pairing
> protocol that prevents them from instantly using a new device.


> If this is required to use multiple devices, I'm worried that
> the result will be a large number of users signing up for some
> new cloud service which manages a single private key for them
> and lets them fetch their messages from any device (using
> passwords and HTTPS), at which point end-to-end security is
> gone.

Sure. But that's not a good argument against designing a system
which provides as good of security as is possible for users who
do care.

(Maybe there will need to be an "always be secure" checkbox at

- dlg

More information about the Messaging mailing list