Thijs Alkemade <m...@thijsalkema.de> writes:

> Suppose Bob's ephemeral keys are compromised by an attacker at a specific
> time, then the attacker can decrypt all messages from Alice since the last
> time Bob sent Alice a message before the compromise, up to (and including? I'm
> not clear on that) the first time Bob sent a message after the compromise.
> Once Bob sends a new message, the key material changes and the ephemeral key
> becomes useless.

Thanks. That makes perfect sense. So you have PFS that has issues in
time, but reset once you ratchet forward -- and actually erase the
previous cases from all places in which they were persisted.


_______________________________________________
OTR-dev mailing list
OTR-dev@lists.cypherpunks.ca
http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
