[OTR-dev] OMEMO, PFS

Taylor R Campbell campbell+otr at mumble.net
Tue Nov 10 17:33:18 EST 2015


   Date: Tue, 10 Nov 2015 17:10:21 -0500
   From: Greg Troxel <gdt at ir.bbn.com>

   Taylor R Campbell <campbell+otr at mumble.net> writes:

   > PFS is indeed not a binary property.  Aside from confusion arising
   > from the loaded word `perfect' in `perfect forward secrecy', some
   > people argue against using the term at all in favour of `key erasure',
   > and of stating when the relevant keys are erased.

   A fair point.

   I would argue, though, that most people would consider that "PFS" is
   only achieved when the keys that need to be erased are never written to
   permanent storage.   So I'd add "where stored" to "when erased".

   I, personally, am not confident that I can erase flash.

Yes -- that's part of the point of emphasizing the concept of key
erasure.  There are qualitative differences between:

- a per-conversation key that persists in RAM for an on-line conversation,
- a per-conversation key replaced after every message like OTR, and
- a key that is written to permanent storage.

Another relevant part of it is /what/ key?  Does the OMEMO key enable
decryption of any past messages, or only the very next message that
you might send two months later?  Either possibility is conceivable.
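The distinction the reply draws between a per-message key that is replaced and erased after every message and a long-lived key that persists, and the question of which past messages a captured key can unlock, can be made concrete with a small simulation. The following is an added example, not code from the thread, from OTR or from OMEMO: a toy hash ratchet (HMAC-SHA256 chain, SHA-256 counter-mode keystream, both constructed for illustration) beside a static-key scheme. In both, an adversary captures the device state after a chosen number of messages, and the code reports which messages that state lets them decrypt. All keys and messages are constructed sample values; `advance`, `seal`, `candidate_keys` and `recoverable` are names chosen for this example.

```python
import hashlib
import hmac
import os


def advance(chain_key):
    """Derive (message_key, next_chain_key) from the current chain key.

    Both outputs are one-way functions of chain_key, so holding the
    next chain key does not reveal the previous one or its message key.
    """
    message_key = hmac.new(chain_key, b"msg", hashlib.sha256).digest()
    next_chain = hmac.new(chain_key, b"chain", hashlib.sha256).digest()
    return message_key, next_chain


def keystream_xor(key, data):
    """Toy SHA-256 counter-mode keystream (illustration only, not a real AEAD)."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(index, message_key, plaintext):
    """Encrypt and tag one message; the tag lets a decryptor confirm the key."""
    ct = keystream_xor(message_key, plaintext)
    tag = hmac.new(message_key, ct, hashlib.sha256).digest()
    return (index, ct, tag)


class RatchetSession:
    """Per-message key replaced after every message (the OTR-like case)."""

    def __init__(self, root):
        self.chain = root
        self.n = 0

    def send(self, plaintext):
        mk, self.chain = advance(self.chain)  # old chain key is overwritten here
        record = seal(self.n, mk, plaintext)
        self.n += 1
        return record

    def snapshot(self):
        return ("ratchet", self.n, self.chain)


class StaticKeySession:
    """One long-lived key that persists for the whole conversation."""

    def __init__(self, key):
        self.key = key
        self.n = 0

    def send(self, plaintext):
        mk = hmac.new(self.key, self.n.to_bytes(4, "big"), hashlib.sha256).digest()
        record = seal(self.n, mk, plaintext)
        self.n += 1
        return record

    def snapshot(self):
        return ("static", self.n, self.key)


def candidate_keys(snapshot, total):
    """Every message key derivable from a captured state, indexed by message."""
    kind, n, secret = snapshot
    keys = {}
    if kind == "static":
        for i in range(total):  # the static key reaches every message, past or future
            keys[i] = hmac.new(secret, i.to_bytes(4, "big"), hashlib.sha256).digest()
    else:
        chain = secret
        for i in range(n, total):  # the chain only runs forward from the capture point
            keys[i], chain = advance(chain)
    return keys


def recoverable(snapshot, records):
    """Indices of messages whose tag verifies under some derivable key."""
    keys = candidate_keys(snapshot, len(records))
    found = []
    for index, ct, tag in records:
        for mk in keys.values():
            if hmac.compare_digest(hmac.new(mk, ct, hashlib.sha256).digest(), tag):
                found.append(index)
                break
    return found


def simulate(kind, compromise_after=3, total=6):
    """Send `total` messages; capture state after `compromise_after` of them."""
    root = os.urandom(32)  # constructed sample secret
    session = RatchetSession(root) if kind == "ratchet" else StaticKeySession(root)
    records, snapshot = [], None
    for i in range(total):
        if i == compromise_after:
            snapshot = session.snapshot()
        records.append(session.send(f"message {i}".encode()))
    return recoverable(snapshot, records)


if __name__ == "__main__":
    print("ratchet:", simulate("ratchet"))  # only messages 3..5
    print("static: ", simulate("static"))   # every message
```

With the ratchet, the captured state unlocks only messages sent after the capture, which is the "only the very next message" end of the spectrum in the reply; with the static key it unlocks everything. Whether the chain key is in RAM, rewritten after each message, or written to flash decides how realistic each capture point is, and the simulation says nothing about that part.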
