[messaging] Giving new devices access to old messages
Nadim Kobeissi
nadim at nadim.computer
Tue Apr 21 02:42:24 PDT 2015
On Tue, Apr 21, 2015 at 4:18 AM, Trevor Perrin <trevp at trevp.net> wrote:
> On Mon, Apr 20, 2015 at 6:07 PM, Gary Belvin <gdb at google.com> wrote:
> > It seems to me that the challenge with this approach is authenticating
> the
> > requests before releasing a set of symmetric keys to your data.
>
> This could leverage existing mechanisms. E.g. if multidevice support
> requires copying the long-term private key from old device -> new
> device, the "read-caps" could be sent along with the private key.
>
> If new devices are being provisioned with a passphrase and
> server-stored data, then whenever an old device downloads and decrypts
> some messages, it could upload passphrase-encrypted read-caps.
>
Arguably, there would be a slightly more concentrated attack surface on the
server storing all this data, since it collects a large number of
"read-caps" under a single passphrase. Would this not affect forward/future
secrecy claims?
Although, the usage of a passphrase *would* elegantly resolve
authentication matters. Overall, I like where Trevor is going with this. :-)
Nadim
>
> > It also change the semantics of "only the person
> > with the private key can read the message".
>
> I'd put it differently: This is just the old device giving messages to
> the new device. We're trying to make it more efficient, but this was
> always possible.
>
> I would like to deprecate the semantics "any person with your
> long-term private key can decrypt all messages you've received". If
> the long-term keys used for authentication are separated from the
> per-message keys used for sharing data, I would hope that also enables
> using more granular keys for forward-secure encryption.
>
> Trevor
> _______________________________________________
> Messaging mailing list
> Messaging at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/messaging
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20150421/ea73d3cb/attachment.html>
More information about the Messaging
mailing list