[OTR-dev] OMEMO, PFS

Greg Troxel gdt at ir.bbn.com
Wed Nov 11 10:20:47 EST 2015


Ximin Luo <infinity0 at pwned.gg> writes:

> Hi Greg, allow me to refer you to a previous post I wrote:
>
> https://moderncrypto.org/mail-archive/messaging/2015/001877.html
>
> The TL;DR is that to achieve "forward-secrecy for in-transit messages"
> you need to have some sort of timeout mechanism, as opposed to using
> cryptographic techniques. I'm not sure if people have engineered this
> specifically into any protocols, but it would be more of an
> engineering task than a cryptography task.

That's a good point.  I think timeouts are independent of persistence,
except that without persistence you need to have a way to recover from
sooner-than-intended loss of keymat.

In the OTR world, is there a notion that implementations MUST NOT
persist keys in ways that could survive a power cycle?  (more or less -
not trying to argue RAM permanence, but more that RAM and flash are very
different points in the space)  Or is this a local option for
implementors?
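As an added illustration of the two points raised above (timeouts rather than cryptography giving forward secrecy for in-transit messages, and RAM-only storage losing keymat sooner than intended), here is a receiver-side sketch that is not code from this thread, OTR or OMEMO; the HMAC-based per-message key derivation, the fake clock and the re-keying step are constructed assumptions:

```python
import hashlib
import hmac

def derive_key(chain_key, msg_id):
    # Constructed symmetric-ratchet step (an assumption, not OTR's or OMEMO's KDF):
    # both sides derive the per-message key from the shared chain key and counter.
    return hmac.new(chain_key, msg_id.to_bytes(4, "big"), hashlib.sha256).digest()

class InTransitKeys:
    """Receiver-side store of keys for messages that may still be in transit.
    Keys live only in RAM and are wiped when their timeout passes, so a message
    arriving (or captured and replayed) after that can no longer be read."""
    def __init__(self, chain_key, ttl_seconds, clock):
        self.chain_key, self.ttl, self.clock = chain_key, ttl_seconds, clock
        self.pending = {}  # msg_id -> (key, expiry time)

    def expect(self, msg_id):
        # Pre-derive the key for a message the peer has sent but we have not seen yet.
        self.pending[msg_id] = (derive_key(self.chain_key, msg_id), self.clock() + self.ttl)

    def expire(self):
        now = self.clock()
        for mid in [m for m, (_, t) in self.pending.items() if t <= now]:
            del self.pending[mid]  # the timeout mechanism: key material is discarded

    def take(self, msg_id):
        self.expire()
        entry = self.pending.pop(msg_id, None)
        return entry[0] if entry else None

    def power_cycle(self):
        self.pending.clear()  # nothing is persisted: every in-flight key is lost at once

def run_scenario():
    clock = [0.0]  # fake clock so the run is deterministic
    chain = b"constructed shared chain key"
    rx = InTransitKeys(chain, ttl_seconds=60, clock=lambda: clock[0])
    for mid in (1, 2, 3):
        rx.expect(mid)
    out = {"on_time": rx.take(1) == derive_key(chain, 1)}  # arrives inside the timeout
    clock[0] = 61.0
    out["late"] = rx.take(2) == derive_key(chain, 2)  # delayed past the timeout: unreadable
    rx.expect(4)
    rx.power_cycle()  # RAM-only state gone before its timeout
    out["after_reboot"] = rx.take(4) == derive_key(chain, 4)
    new_chain = b"constructed chain key after re-keying"
    rx.chain_key = new_chain  # recovery path: re-key after losing keymat sooner than intended
    rx.expect(1)  # counters restart under the new chain
    out["after_rekey"] = rx.take(1) == derive_key(new_chain, 1)
    return out
```

The scenario returns which deliveries succeed: only the on-time message and the post-re-key message are readable; the delayed one is gone by timeout and the one pending across the power cycle needs the recovery path.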
