[messaging] Giving new devices access to old messages
Trevor Perrin
trevp at trevp.net
Mon Apr 20 19:18:03 PDT 2015
On Mon, Apr 20, 2015 at 6:07 PM, Gary Belvin <gdb at google.com> wrote:
> It seems to me that the challenge with this approach is authenticating the
> requests before releasing a set of symmetric keys to your data.

This could leverage existing mechanisms. E.g. if multidevice support
requires copying the long-term private key from old device -> new
device, the "read-caps" could be sent along with the private key.

If new devices are being provisioned with a passphrase and
server-stored data, then whenever an old device downloads and decrypts
some messages, it could upload passphrase-encrypted read-caps.

> It also changes the semantics of "only the person
> with the private key can read the message".

I'd put it differently: This is just the old device giving messages to
the new device. We're trying to make it more efficient, but this was
always possible.

I would like to deprecate the semantics "any person with your
long-term private key can decrypt all messages you've received". If
the long-term keys used for authentication are separated from the
per-message keys used for sharing data, I would hope that also enables
using more granular keys for forward-secure encryption.

Trevor
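The read-cap hand-off sketched in this mail, as an added example that is not code from the list or from any messaging project: each message is encrypted under its own fresh key (the read-cap), the old device wraps those keys under a passphrase-derived key before uploading them, and the new device re-derives that key, unwraps the read-caps and decrypts the server-stored messages. The HMAC-based cipher, the function names and the PBKDF2 parameters are assumptions standing in for a real AEAD and KDF.

```python
import hashlib, hmac, os, secrets

def _sub(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()  # domain-separated sub-key

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode, truncated to n bytes (stand-in for a real cipher).
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key: bytes, pt: bytes) -> bytes:
    # Encrypt-then-MAC under separate sub-keys; output is nonce || ciphertext || tag.
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(_sub(key, b"enc"), nonce, len(pt))))
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def open_sealed(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()):
        raise ValueError("rejected: wrong passphrase/key or tampered blob")
    return bytes(a ^ b for a, b in zip(ct, _keystream(_sub(key, b"enc"), nonce, len(ct))))

def encrypt_message(pt: bytes) -> tuple:
    # Every message gets a fresh key, which is its "read-cap". The long-term
    # identity key is not involved, so holding it alone decrypts nothing.
    msg_key = secrets.token_bytes(32)
    return msg_key, seal(msg_key, pt)

def passphrase_key(passphrase: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)  # assumed params

def old_device_export(read_caps: dict, passphrase: str, salt: bytes) -> dict:
    # Old device: wrap each read-cap under the passphrase key before uploading;
    # the server only ever stores blobs it cannot open.
    pk = passphrase_key(passphrase, salt)
    return {mid: seal(pk, cap) for mid, cap in read_caps.items()}

def new_device_import(wrapped: dict, stored: dict, passphrase: str, salt: bytes) -> dict:
    # New device: re-derive the passphrase key, unwrap each read-cap, then use it
    # to decrypt the matching server-stored message.
    pk = passphrase_key(passphrase, salt)
    return {mid: open_sealed(open_sealed(pk, wrapped[mid]), stored[mid]) for mid in wrapped}

def demo() -> dict:
    salt = os.urandom(16)  # constructed; a real deployment stores it with the account
    caps, stored = {}, {}
    for mid, text in enumerate([b"first message", b"second message"]):
        caps[mid], stored[mid] = encrypt_message(text)
    return new_device_import(old_device_export(caps, "correct horse", salt), stored, "correct horse", salt)
```

A wrong passphrase fails the tag check on the wrapped read-cap and raises before any message ciphertext is touched.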