On Mon, Aug 11, 2014 at 08:12:52PM -0400, Greg Troxel wrote: > > Madhav V <[email protected]> writes: > > > 3. Alice goes into the app. Bob and Alice apps establish a secure session. > > The app persist the session on Alice' device. > > The session is persisted on Bob's device as well. > > > > 4. Now Bob can send Alice messages even when her phone is switched off or > > off the network or the app is in the background. > > > > 5. Alice's app can restore the session on restart or whenever necessary to > > decrypt Bob's message. > > I can see why you want to do this, but it more or less breaks the > Perfect Forward Secrecy property to write the encryption keys to other > than RAM. So I would be concerned about this being labeled as OTR.
I agree with Greg. You're planning to store *session keys* in persistent state? Please don't do that. - Ian _______________________________________________ OTR-dev mailing list [email protected] http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
