[OTR-dev] Persisting userstate object across app restarts.
Paul Wouters
paul at cypherpunks.ca
Mon Aug 11 23:10:27 EDT 2014
On Mon, 11 Aug 2014, Ian Goldberg wrote:
>> I can see why you want to do this, but it more or less breaks the
>> Perfect Forward Secrecy property to write the encryption keys to other
>> than RAM. So I would be concerned about this being labeled as OTR.
>
> I agree with Greg. You're planning to store *session keys* in
> persistent state? Please don't do that.
Is there another way we can tackle the "sending a message to a user
that is offline" problem? That is a very legitimate issue for users
using otr on their phones.
Could a user that goes offline perhaps generate a new session key
that would be terminated as soon both users are online again?
I guess in a way the real fix is to send the message via openpgp in
that case. Although anything pgp is pretty much unusable :/
Paul
More information about the OTR-dev
mailing list