On 11 August 2014 22:10, Paul Wouters <p...@cypherpunks.ca> wrote: > Is there another way we can tackle the "sending a message to a user > that is offline" problem? That is a very legitimate issue for users > using otr on their phones.
I agree. Most people are probably familiar with it, but TextSecure (Trevor Perrin) designed a new ratchet for this exact purpose: https://whispersystems.org/blog/advanced-ratcheting/ It uses a sub-ratchet that doesn't require the user store key material that is as sensitive as OTR's. That said... TextSecure and whatever app you're writing probably _also_ stores the plaintext messages as a history that can be scrolled through. TS is still protected by a password, but in general, my order of importance of OTR secrets is: long term key material allowing impersonation, plaintext chats, session keys. What's the concern about storing session keys if either the plaintext or the long term key is stored accessible? -tom _______________________________________________ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
