On Mon, Apr 20, 2015 at 6:07 PM, Gary Belvin <[email protected]> wrote:
> It seems to me that the challenge with this approach is authenticating the
> requests before releasing a set of symmetric keys to your data.

This could leverage existing mechanisms. E.g. if multidevice support requires copying the long-term private key from old device -> new device, the "read-caps" could be sent along with the private key. If new devices are being provisioned with a passphrase and server-stored data, then whenever an old device downloads and decrypts some messages, it could upload passphrase-encrypted read-caps.

> It also changes the semantics of "only the person
> with the private key can read the message".

I'd put it differently: this is just the old device giving messages to the new device. We're trying to make it more efficient, but this was always possible.

I would like to deprecate the semantics "any person with your long-term private key can decrypt all messages you've received". If the long-term keys used for authentication are separated from the per-message keys used for sharing data, I would hope that also enables using more granular keys for forward-secure encryption.

Trevor

_______________________________________________
Messaging mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/messaging
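The key separation Trevor sketches, worked through as an added example (not code from the thread or from either author): each message is sealed under its own random symmetric key, the "read-cap", and the old device uploads those read-caps wrapped under a passphrase-derived key, so a new device recovers old messages without ever receiving the long-term private key. The cipher (a stdlib-only encrypt-then-MAC built from HMAC-SHA256), PBKDF2 for the passphrase key, and all function names are assumptions of this example.

```python
import hashlib, hmac, json, secrets

# Illustration of the design sketched above (added here, not code from the thread):
# each message is sealed under its own random symmetric key (its "read-cap"), and
# the old device shares read-caps wrapped under a passphrase-derived key, so the
# new device reads old messages without ever receiving the long-term private key.
# Cipher is a stdlib-only encrypt-then-MAC: HMAC-SHA256 keystream + HMAC tag.

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("authentication failed")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

def encrypt_message(plaintext: bytes) -> tuple[bytes, bytes]:
    """Return (read_cap, ciphertext): the read-cap is a fresh per-message key."""
    read_cap = secrets.token_bytes(32)
    return read_cap, seal(read_cap, plaintext)

def wrap_read_caps(passphrase: str, caps: dict[str, bytes]) -> bytes:
    """Old device: passphrase-encrypt the read-caps it holds for server storage."""
    salt = secrets.token_bytes(16)
    kek = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000)
    return salt + seal(kek, json.dumps({k: v.hex() for k, v in caps.items()}).encode())

def unwrap_read_caps(passphrase: str, blob: bytes) -> dict[str, bytes]:
    """New device: recover the read-caps from the passphrase alone."""
    kek = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), blob[:16], 200_000)
    return {k: bytes.fromhex(v) for k, v in json.loads(open_(kek, blob[16:])).items()}

def provision_new_device(passphrase: str, stored: dict[str, bytes], wrapped: bytes) -> dict[str, bytes]:
    """Decrypt every stored message whose read-cap the wrapped bundle grants."""
    caps = unwrap_read_caps(passphrase, wrapped)
    return {mid: open_(caps[mid], ct) for mid, ct in stored.items() if mid in caps}
```

Because the bundle is a set of per-message keys rather than the identity key, the old device can grant a subset of messages, and a compromised passphrase exposes only the read-caps that were uploaded.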
