Ximin Luo <infini...@pwned.gg> writes:

> Hi Greg, allow me to refer you to a previous post I wrote:
>
> https://moderncrypto.org/mail-archive/messaging/2015/001877.html
>
> The TL;DR is that to achieve "forward-secrecy for in-transit messages"
> you need to have some sort of timeout mechanism, as opposed to using
> cryptographic techniques. I'm not sure if people have engineered this
> specifically into any protocols, but it would be more of an
> engineering task than a cryptography task.

That's a good point. I think timeouts are independent of persistence, except that without persistence you need to have a way to recover from sooner-than-intended loss of keymat. In the OTR world, is there a notion that implementations MUST NOT persist keys in ways that could survive a power cycle? (more or less - not trying to argue RAM permanence, but more that RAM and flash are very different points in the space) Or is this a local option for implementors?
_______________________________________________
OTR-dev mailing list
OTR-dev@lists.cypherpunks.ca
http://lists.cypherpunks.ca/mailman/listinfo/otr-dev