[OTR-dev] Persisting userstate object across app restarts.

Paul Wouters paul at cypherpunks.ca
Mon Aug 11 23:10:27 EDT 2014


On Mon, 11 Aug 2014, Ian Goldberg wrote:

>> I can see why you want to do this, but it more or less breaks the
>> Perfect Forward Secrecy property to write the encryption keys to other
>> than RAM.   So I would be concerned about this being labeled as OTR.
>
> I agree with Greg.  You're planning to store *session keys* in
> persistent state?  Please don't do that.

Is there another way we can tackle the "sending a message to a user
that is offline" problem? That is a very legitimate issue for users
using otr on their phones.

Could a user that goes offline perhaps generate a new session key
that would be terminated as soon both users are online again?

I guess in a way the real fix is to send the message via openpgp in
that case. Although anything pgp is pretty much unusable :/


Paul


More information about the OTR-dev mailing list