A method for achieving forward secrecy in asynchronous messaging environments: https://whispersystems.org/blog/asynchronous-security/ …
@justinsteven Yes, you rate limit on the server, and there's a "last resort" key that can be reused but rotates periodically.
@whispersystems so is the rate limit global for the client, what if I control 100 "senders"? I'll look into the last resort key. Thanks!
@justinsteven Yep, with 100 verified numbers you can exhaust keys if the owner is offline. Doesn't disrupt communication though.
@whispersystems because you can fall onto the last resort key? Are there crypto weaknesses in reusing this key, or do you only lose pfs?
@justinsteven You only lose pfs for the first message transmitted. Keys ratchet forward for subsequent messages.
@whispersystems unless the client stays offline and you're gunning messages at them, right?
@justinsteven That's correct, no pfs until you get a response. Although the last resort key is rotated periodically as well.
@whispersystems @justinsteven Why usage based rotation instead of time-based rotation? e.g. upload 1000 keys and rotate once per hour.