On Wed, 24 Feb 2021 at 22:34, Paul Schaub <[email protected]> wrote:
> I wouldn't be too concerned about periods where the root chain is not
> advanced. The crypto should still be strong enough to protect the message
> contents against offline attacks.

With MLS and Signal, my understanding is that advancing the ratchet makes the cryptography simpler to prove, but there's no belief out there that reusing the various keys might cause any problems. (This is more or less the same as with ClientInitKey / PreKey reuse, I believe.) But I am not a cryptographer, I just play one on TV or something.

> Take for example OpenPGP with keys over curve25519. There *every* message
> is encrypted with the same key, yet it is not broken at all. I'd rather see
> break-in recovery as a nice bonus.
>
> Paul
_______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: [email protected] _______________________________________________
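An added illustration of the trade-off discussed in this exchange (example code, not from the thread, Signal, MLS or OpenPGP): a toy HMAC-based ratchet showing that a chain key leaked while the root chain is not advanced yields every later message key, while a root step that mixes in a fresh secret (a constructed byte string standing in for a DH output) restores break-in recovery. All secrets are fixed constructed values so the run is reproducible.

```python
import hashlib
import hmac


def kdf(key: bytes, label: bytes) -> bytes:
    """One-way derivation (HMAC-SHA256); a stand-in for HKDF."""
    return hmac.new(key, label, hashlib.sha256).digest()


def chain_step(chain_key: bytes) -> tuple[bytes, bytes]:
    """Symmetric ratchet step: returns (next chain key, message key)."""
    return kdf(chain_key, b"chain"), kdf(chain_key, b"message")


def root_step(root_key: bytes, fresh_secret: bytes) -> tuple[bytes, bytes]:
    """Root ratchet step: mix a fresh shared secret (e.g. a DH output) into the
    root key and derive a new sending chain key from the result."""
    new_root = kdf(root_key, b"root" + fresh_secret)
    return new_root, kdf(new_root, b"chain-init")


def derive_keys(chain_key: bytes, count: int) -> tuple[list[bytes], bytes]:
    """Walk the chain `count` times; returns (message keys, final chain key)."""
    keys = []
    for _ in range(count):
        chain_key, mk = chain_step(chain_key)
        keys.append(mk)
    return keys, chain_key


def break_in_demo() -> dict[str, bool]:
    # Constructed secrets (not real key material), fixed for reproducibility.
    root = hashlib.sha256(b"constructed initial root key").digest()
    chain = hashlib.sha256(b"constructed initial chain key").digest()
    fresh_dh = hashlib.sha256(b"constructed DH output, unknown to the attacker").digest()

    # Two messages are sent; the chain key state after them is then compromised.
    _earlier_keys, leaked_chain = derive_keys(chain, 2)
    # The compromised party can only keep stepping the chain it holds; it cannot
    # walk backwards (kdf is one-way) and does not know root or fresh_dh.
    attacker_future, _ = derive_keys(leaked_chain, 3)

    # Case 1: root chain not advanced; the sender just continues the same chain.
    honest_no_root_step, _ = derive_keys(leaked_chain, 3)
    # Case 2: root chain advanced with fresh DH output before sending again.
    _, new_chain = root_step(root, fresh_dh)
    honest_after_root_step, _ = derive_keys(new_chain, 3)

    return {
        "future_keys_exposed_without_root_step": honest_no_root_step == attacker_future,
        "future_keys_exposed_after_root_step": any(k in attacker_future for k in honest_after_root_step),
    }
```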
