Note, I’m not familiar with OMEMO and it’s ratchet system, so take this with a grain of salt.
On Dienstag, 28. August 2018 13:26:51 CEST Paul Schaub wrote: > Another countermeasure against stale devices is sending empty > ratchet-forward messages on a regular basis. Those messages do have the > same format as KeyTransportMessages [3], in that they do not contain a > body. Their purpose is to forward the ratchet without user interaction. > The downside is, that a device has to do this on its own, so this is not > a good defense against attackers devices. Would it be possible for devices which exist and are used by a user, but not for sending (for whatever reasons) to auto-reply with an empty message with e.g. a probability of 1/10 or whatever to each message? This would allow advancement of the ratchet (If I Understand This Correctly) without user interaction and it puts the burden on the device which still wants to receive messages (i.e. if an attacker chooses to not send these messages, they’re hurting themselves). But yeah, I have no idea about OMEMO. Just throwing stuff in. kind regards, Jonas
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: [email protected] _______________________________________________
