On 05/05/2026 17:13, Bernhard Reiter via Gnupg-users wrote:
The problem with messengers is that they are more inclined towards online
usage and they need a central registry. As example as far as I know, perfect
forward secrecy only works if there is an online connection to negotiate the
keys. To allow a pseudo asynchronous use, the Double Ratchet Algorithm
used in some messengers uses prekeys that have to be generated and uploaded
to a server. And I guess you can deplete them.

Forward secrecy is definitely more challenging in a high-latency environment like email. It's not impossible, but Signal's double ratchet protocol is designed to be tolerant of reasonably long periods of disconnection (in *very* hand-wavy terms, that's what the second ratchet in "double" ratchet is there for).

The Really Hard Problem with double ratchet isn't comms latency, it's group management. But that's also a problem with encrypted email. And the greatest flaw in Signal's architecture is the authoritative keyserver.

It is possible to get most of the benefits of forward secrecy without using double ratchet or authoritative servers. That's what DeltaChat [1] is aiming for with Autocrypt2 [2].

(I would strongly recommend that anyone with an interest in PGP pays close attention to what DeltaChat is doing - they are leaving the rest of us in their dust)

Thanks,
A

[1] https://delta.chat
[2] https://autocrypt2.org
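As an added illustration of the two points raised in this exchange (the symmetric-key chain that lets a ratchet tolerate delayed or out-of-order delivery, and why compromising current state does not expose already-read messages), here is a toy one-direction KDF-chain ratchet in Python. This is example code written for this thread, not Signal's, DeltaChat's or Autocrypt2's implementation: it uses HMAC-SHA256 as the KDF, an HMAC-derived XOR keystream stands in for a real AEAD cipher, there is no DH ratchet, and the names `SymmetricRatchet`, `MAX_SKIP` and the demo functions are all constructed.

```python
import hashlib
import hmac

# Constructed shared root key; in a real protocol this comes from the
# initial key agreement (the DH ratchet), which this toy omits.
ROOT_KEY = hashlib.sha256(b"constructed root key for the example").digest()


def kdf(key: bytes, label: bytes) -> bytes:
    """One-way derivation step: knowing the output reveals nothing about the input key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def keystream_xor(message_key: bytes, data: bytes) -> bytes:
    """Toy stand-in for an AEAD: XOR with an HMAC-derived keystream (no integrity!)."""
    stream = b""
    block = 0
    while len(stream) < len(data):
        stream += kdf(message_key, b"stream" + block.to_bytes(4, "big"))
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class SymmetricRatchet:
    """One direction of a symmetric-key (KDF chain) ratchet."""

    MAX_SKIP = 100  # bound on how far ahead a delayed message may be

    def __init__(self, chain_key: bytes):
        self.chain_key = chain_key
        self.n = 0           # index of the next message key to derive
        self.skipped = {}    # index -> message key, kept for out-of-order arrival

    def _step(self):
        message_key = kdf(self.chain_key, b"msg")
        # The previous chain key is overwritten; only the new one survives.
        self.chain_key = kdf(self.chain_key, b"chain")
        n, self.n = self.n, self.n + 1
        return n, message_key

    def encrypt(self, plaintext: bytes):
        n, mk = self._step()
        return n, keystream_xor(mk, plaintext)

    def decrypt(self, n: int, ciphertext: bytes) -> bytes:
        if n in self.skipped:                      # late arrival of a skipped message
            return keystream_xor(self.skipped.pop(n), ciphertext)
        if n < self.n:
            raise ValueError("message key already consumed (replay?)")
        if n - self.n > self.MAX_SKIP:
            raise ValueError("too many skipped messages")
        while self.n < n:                          # derive and stash keys we jumped over
            i, mk = self._step()
            self.skipped[i] = mk
        _, mk = self._step()
        return keystream_xor(mk, ciphertext)


def demo_out_of_order():
    """Message 1 is delayed by a disconnection; 2 and 0 arrive first."""
    alice, bob = SymmetricRatchet(ROOT_KEY), SymmetricRatchet(ROOT_KEY)
    msgs = [alice.encrypt(m) for m in (b"one", b"two", b"three")]
    arrival = [msgs[2], msgs[0], msgs[1]]
    return [bob.decrypt(n, c) for n, c in arrival]


def demo_forward_secrecy():
    """After Bob reads message 0, his whole state is captured; message 0 stays secret."""
    alice, bob = SymmetricRatchet(ROOT_KEY), SymmetricRatchet(ROOT_KEY)
    n, ciphertext = alice.encrypt(b"secret")
    assert bob.decrypt(n, ciphertext) == b"secret"
    stolen_chain_key = bob.chain_key           # all the attacker gets is current state
    guess = keystream_xor(kdf(stolen_chain_key, b"msg"), ciphertext)
    return guess != b"secret"                  # the KDF is one-way, so key 0 is gone


if __name__ == "__main__":
    print(demo_out_of_order())      # [b'three', b'one', b'two']
    print(demo_forward_secrecy())   # True
```

Two caveats a defender would want: the `skipped` dictionary is exactly the state that weakens forward secrecy for delayed messages, so real implementations bound its size and expire entries; and the toy XOR "cipher" gives no integrity, which a real ratchet gets from an AEAD. The prekey-depletion point from the quoted message is outside this chain entirely: it concerns how the initial root key is agreed, not how the chain advances.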

_______________________________________________
Gnupg-users mailing list
[email protected]
https://lists.gnupg.org/mailman/listinfo/gnupg-users