On 31/10/14 15:50, Moxie Marlinspike wrote: > 4) Device 'A' can use a regular axolotl session to transmit existing > message history to device 'B'. >
"axolotl is forward-secret" doesn't mean "the entire application is forward-secret". The fact that the device stores message history, reduces the effectiveness of having sent the message through a forward-secret scheme like axolotl - an attacker who can compromise the long-term key can just compromise the history itself. Now, one can argue "it's harder to exfiltrate the entire message history than a few keys", especially if the message history is large. But still, this is going outside of typical "forward secrecy" concerns. X -- GPG: 4096R/1318EFAC5FBBDBCE git://github.com/infinity0/pubkeys.git
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
