[guardian-dev] ChatSecure

Patrick Baxter patch at cs.ucsb.edu
Mon Aug 26 15:05:18 EDT 2013


On Mon, Aug 26, 2013 at 9:33 AM, Nathan of Guardian
<nathan at guardianproject.info> wrote:
> I have to believe that I at least have to share "online" window with
> most of the people I interact with on a daily basis. If my app can
> notice someone online who I want to establish or refresh an OTR session
> with, why not just do it then?
>

I haven't read Moxie's proposal too carefully so take this with a
grain of salt, but what Nathan said makes a lot of sense to me.

Fixing asynchrony in this sense seems to be a matter of the length of
your PFS window. If you end your session after every real-time chat,
you can't send if one person is offline. If you save the keys of your
current session and renegotiate when you both online, things work.

The only disadvantage is if you are both never online at the same time
which would create a long window where forward secrecy is not in
effect and that session keys are stored on the device longer.

Does this make sense?


More information about the Guardian-dev mailing list