[messaging] Giving new devices access to old messages

Trevor Perrin trevp at trevp.net
Mon Apr 20 19:18:03 PDT 2015

On Mon, Apr 20, 2015 at 6:07 PM, Gary Belvin <gdb at google.com> wrote:
> It seems to me that the challenge with this approach is authenticating the
> requests before releasing a set of symmetric keys to your data.

This could leverage existing mechanisms.  E.g. if multidevice support
requires copying the long-term private key from old device -> new
device, the "read-caps" could be sent along with the private key.

If new devices are being provisioned with a passphrase and
server-stored data, then whenever an old device downloads and decrypts
some messages, it could upload passphrase-encrypted read-caps.

> It also change the semantics of "only the person
> with the private key can read the message".

I'd put it differently: This is just the old device giving messages to
the new device.  We're trying to make it more efficient, but this was
always possible.

I would like to deprecate the semantics "any person with your
long-term private key can decrypt all messages you've received".  If
the long-term keys used for authentication are separated from the
per-message keys used for sharing data, I would hope that also enables
using more granular keys for forward-secure encryption.


More information about the Messaging mailing list