coi-dev / coi-specs

Specifications for COI
Mozilla Public License 2.0

0 RTT encrypted messaging #8

Closed sylvain101010 closed 4 years ago

sylvain101010 commented 4 years ago

Hi,

I love the concept of encrypted messaging over email, but find the execution not good enough to gain adoption.

As I understand it, as of today, to establish encrypted communication, there should be a two-way handshake to exchange the PGP keys, as required by the Autocrypt protocol.

From a usability and privacy point of view, it's not good.

Can't we take inspiration from QUIC and allow 0 round-trip time encrypted messaging?

https://blog.cloudflare.com/even-faster-connection-establishment-with-quic-0-rtt-resumption/

VP- commented 4 years ago

Unfortunately, it's not simply "0-RTT", but "0-RTT resumption":

The basic idea behind 0-RTT connection resumption is that if the client and server had previously established a TLS connection between each other, …

So, applied to messaging, that would be optimizing the second and further encrypted messages, after the keys have been exchanged. Not the first key exchange itself.
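The point made in the comment above, as an added sketch that is not part of the thread or of the COI code: a sender can only encrypt to a peer whose key has already arrived in an `Autocrypt` header, so the first message to a new contact goes out without that key and only later messages skip the exchange. The header handling is a simplified reading of Autocrypt Level 1 (attributes `addr`, `prefer-encrypt`, `keydata`); the `PeerKeys` class, the addresses and the key bytes are constructed for illustration.

```python
import base64
from email import message_from_string
from email.utils import parseaddr

def parse_autocrypt(value):
    """Return (addr, key_bytes) from one Autocrypt header value, or None."""
    attrs = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")  # keydata may itself end in '='
        if sep:
            attrs[name.strip().lower()] = "".join(val.split())
    try:
        return attrs["addr"].lower(), base64.b64decode(attrs["keydata"], validate=True)
    except (KeyError, ValueError):  # missing attribute or bad base64
        return None

class PeerKeys:
    """Keys learned so far, per peer address (hypothetical helper)."""
    def __init__(self):
        self.keys = {}

    def process_incoming(self, raw):
        msg = message_from_string(raw)
        sender = parseaddr(msg.get("From", ""))[1].lower()
        parsed = [parse_autocrypt(h) for h in msg.get_all("Autocrypt") or []]
        # Accept exactly one valid header whose addr matches the From address.
        if len(parsed) == 1 and parsed[0] and parsed[0][0] == sender:
            self.keys[sender] = parsed[0][1]
            return True
        return False

    def can_encrypt(self, addr):
        return addr.lower() in self.keys

# Constructed sample data: placeholder bytes, not a real OpenPGP key.
KEY = base64.b64encode(b"constructed placeholder key").decode()
BOB_REPLY = ("From: Bob <bob@example.org>\nTo: alice@example.org\n"
             f"Autocrypt: addr=bob@example.org; prefer-encrypt=mutual; keydata={KEY}\n"
             "\nhi\n")
MISMATCHED = BOB_REPLY.replace("addr=bob@", "addr=carol@")

def demo():
    alice = PeerKeys()
    first = alice.can_encrypt("bob@example.org")      # first contact: no key yet
    alice.process_incoming(MISMATCHED)                # addr != From, ignored
    after_bad = alice.can_encrypt("bob@example.org")
    alice.process_incoming(BOB_REPLY)                 # key arrives with Bob's mail
    return first, after_bad, alice.can_encrypt("bob@example.org")

if __name__ == "__main__":
    print(demo())
```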

robert-virkus commented 4 years ago

I will close this now and keep this as an inspiration for the future.