Date: Tue, 10 Nov 2015 17:10:21 -0500 From: Greg Troxel <[email protected]>
Taylor R Campbell <[email protected]> writes: > PFS is indeed not a binary property. Aside from confusion arising > from the loaded word `perfect' in `perfect forward secrecy', some > people argue against using the term at all in favour of `key erasure', > and of stating when the relevant keys are erased. A fair point. I would argue, though, that most people would consider that "PFS" is only achieved when the keys that need to be erased are never written to permanent storage. So I'd add "where stored" to "when erased". I personally, am not confident that I can erase flash. Yes -- that's part of the point of emphasizing the concept of key erasure. There are qualitative differences between: - a per-conversation key that persists in RAM for an on-line conversation, - a per-conversation key replaced after every message like OTR, and - a key that is written to permanent storage. Another relevant part of it is /what/ key? Does the OMEMO key enable decryption of any past messages, or only the very next message that you might send two months later? Either possibility is conceivable. _______________________________________________ OTR-dev mailing list [email protected] http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
