Simon Désaulniers <[email protected]> writes: > Regarding the effect of OTR, Axolotl on PFS asked on the stackexchange post, I > have precised in an answer~[1] something that I thought unclear.
Thanks for the followup. In terms of practical attacks, I think the point of per-message PFS vs longer-term PFS is not critical, as long as the time period that a key is maintained is relatively bounded. One thing that would be good to expand on is, assuming ring supports some sort of SMS-like service, how that works in terms of the combination of PFS and the other user being offline. Lacking a server, I would guess it's just retried until both are online, and then you can do the DTLS key agreement. Is that right?
signature.asc
Description: PGP signature
