On Fri, Jan 2, 2015 at 1:35 AM, Michael Rogers <[email protected]> wrote:
>
> * The existing device introduces the new device to the user's other devices
> (if any) and the user's contacts' devices. This involves brokering a key
> exchange between each pair of devices to set up an encrypted and
> authenticated link.

That's a reasonable addition.

Without a single "master" or "identity" key though, I'm not sure how TOFU or out-of-band verification (like "fingerprints") would work.

For example, suppose I wanted to print something on my business card that was sufficient for someone to send a message that all my devices can decrypt. That's possible with a single master key, or with signatures, since someone could look up my public key from the fingerprint and perhaps signatures from that key over device-specific keys.

But it doesn't seem possible with this new proposal, since it would require interaction with one of my devices to "broker" knowledge of my other devices?

Trevor

_______________________________________________
Messaging mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/messaging
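
The master-key alternative described in the reply above, as an added example (not code from the thread or from any project it discusses): a sender who holds only a card fingerprint fetches a key bundle from an untrusted directory and accepts just the device keys signed by the matching master key. The `Bundle` layout, the `device-key:` prefix, the SHA-256 fingerprint and the choice of Ed25519 are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Bundle is what a hypothetical, untrusted key directory returns for a fingerprint.
type Bundle struct {
	Master  ed25519.PublicKey
	Devices []ed25519.PublicKey
	Sigs    [][]byte // Sigs[i]: the master key's signature over Devices[i]
}

// Fingerprint is the card value; certMsg adds a constructed domain-separation prefix.
func Fingerprint(m ed25519.PublicKey) string { return fmt.Sprintf("%x", sha256.Sum256(m)) }
func certMsg(dev ed25519.PublicKey) []byte { return append([]byte("device-key:"), dev...) }

// VerifiedDevices returns only the device keys the fingerprinted master key vouches for.
func VerifiedDevices(fp string, b Bundle) (ok []ed25519.PublicKey, err error) {
	if len(b.Master) != ed25519.PublicKeySize || Fingerprint(b.Master) != fp {
		return nil, fmt.Errorf("master key does not match fingerprint %q", fp)
	}
	for i, dev := range b.Devices {
		if i < len(b.Sigs) && ed25519.Verify(b.Master, certMsg(dev), b.Sigs[i]) {
			ok = append(ok, dev)
		}
	}
	return ok, nil
}

// Sample (constructed data): two master-signed device keys plus one self-signed rogue key.
func Sample() (string, Bundle) {
	key := func(s byte) ed25519.PrivateKey { return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{s}, 32)) }
	m, rogue := key(1), key(4)
	b := Bundle{Master: m.Public().(ed25519.PublicKey)}
	for _, p := range [][2]ed25519.PrivateKey{{key(2), m}, {key(3), m}, {rogue, rogue}} {
		dev := p[0].Public().(ed25519.PublicKey)
		b.Devices = append(b.Devices, dev)
		b.Sigs = append(b.Sigs, ed25519.Sign(p[1], certMsg(dev)))
	}
	return Fingerprint(b.Master), b
}

func main() {
	ok, err := VerifiedDevices(Sample())
	fmt.Println(len(ok), "device keys accepted; err:", err)
}
```

No device has to be online for this check: the fingerprint pins the master key, and the master key's signatures pin the device set.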
