kmq
commented
5 years ago There is at least one other issue dealing with this, that indicates that something in that area is buggy. See #1006
Open sindastra opened 5 years ago
kmq
commented
5 years ago There is at least one other issue dealing with this, that indicates that something in that area is buggy. See #1006
sindastra
commented
4 years ago It has been a year now and this issue is still relevant. I manually go and verify OMEMO keys with my contacts, to see which ones are valid and which aren't. But then, after some time, ChatSecure indicates "removed by server" (does not show on other clients like Conversations) and I have to manually verify again. Eventually, this leads to an inconvenient state where you just enable all keys to be able to send a message, which is less secure than if the keys could be pinned from the start. If anyone has time, please add the option to pin OMEMO keys.
sindastra
commented
4 years ago Maybe I should clarify that this issue is not a duplicate of #1006 as my proposal is to implement key pinning which would bypass key expiration altogether.
I propose the option be added to pin OMEMO keys, so that you don't have to keep enabling them whenever "removed by server" or other reasons.
Basically in the same way Conversations for Android handles it. The current way ChatSecure does it, is highly inconvenient when you (or the other end) uses multiple devices (but not all concurrently) as keys seem to "expire" often and have to be manually re-enabled.