Re: [Ring] Security issues

jami

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Ring] Security issues

From:	Greg Troxel
Subject:	Re: [Ring] Security issues
Date:	Thu, 29 Jun 2017 21:28:06 -0400
User-agent:	Gnus/5.130016 (Ma Gnus v0.16) Emacs/24.5 (berkeley-unix)

Simon Désaulniers <address@hidden> writes:

> Regarding the effect of OTR, Axolotl on PFS asked on the stackexchange post, I
> have precised in an answer~[1] something that I thought unclear.

Thanks for the followup.   In terms of practical attacks, I think the
point of per-message PFS vs longer-term PFS is not critical, as long as
the time period that a key is maintained is relatively bounded.

One thing that would be good to expand on is, assuming ring supports
some sort of SMS-like service, how that works in terms of the
combination of PFS and the other user being offline.   Lacking a server,
I would guess it's just retried until both are online, and then you can
do the DTLS key agreement.  Is that right?

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Ring] Security issues, David Burleigh, 2017/06/23
- Re: [Ring] Security issues, Adrien Béraud, 2017/06/23
  - Re: [Ring] Security issues, David Burleigh, 2017/06/23
  - Re: [Ring] Security issues, Greg Troxel, 2017/06/29
    - Re: [Ring] Security issues, Simon Désaulniers, 2017/06/29
    - Re: [Ring] Security issues, Greg Troxel <=
    - Re: [Ring] Security issues, Simon Désaulniers, 2017/06/29

Prev by Date: Re: [Ring] Security issues
Next by Date: Re: [Ring] Security issues
Previous by thread: Re: [Ring] Security issues
Next by thread: Re: [Ring] Security issues
Index(es):
- Date
- Thread