[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Ring] Security issues
From: |
Greg Troxel |
Subject: |
Re: [Ring] Security issues |
Date: |
Thu, 29 Jun 2017 21:28:06 -0400 |
User-agent: |
Gnus/5.130016 (Ma Gnus v0.16) Emacs/24.5 (berkeley-unix) |
Simon Désaulniers <address@hidden> writes:
> Regarding the effect of OTR, Axolotl on PFS asked on the stackexchange post, I
> have precised in an answer~[1] something that I thought unclear.
Thanks for the followup. In terms of practical attacks, I think the
point of per-message PFS vs longer-term PFS is not critical, as long as
the time period that a key is maintained is relatively bounded.
One thing that would be good to expand on is, assuming ring supports
some sort of SMS-like service, how that works in terms of the
combination of PFS and the other user being offline. Lacking a server,
I would guess it's just retried until both are online, and then you can
do the DTLS key agreement. Is that right?
signature.asc
Description: PGP signature