[messaging] Multiple devices and key synchronization: some thoughts

David Gil dgil at yahoo-inc.com
Sat Jan 3 16:23:48 PST 2015

On Saturday, January 3, 2015 7:27 AM, Ben Harris <mail at bharr.is> wrote:
> (3) All devices have device-specific decryption-involved keys, and a
> master device uses a signing key to authorize subordinate devices.
> An ID based cryptography scheme might make this more manageable.
> An identity/user has a master key, 

Who would have/use the master key?

On Friday, January 2, 2015 10:55 AM, carlo von lynX <lynX at i.know.you.are.psyced.org> wrote:
> As I described before in our current plan the long-lived key is not
> supposed to be in memory anywhere. You use it to generate each device's
> keys, you print it out on a sheet of paper, then wipe computer memory.

This is a terrible cost to usability. Though it provides substantial
crypto-world benefits to security, it's unclear that it provides any
real-world benefits. (It encourages people to not rotate keys...)

More information about the Messaging mailing list