Closed tx1683 closed 5 years ago
The issue is that when you log in you generate a new set of device keys, and any key rotations which happen while you have no active devices would go unnoticed.
Key rotation in the sender, I presume? Shouldn't the sender wait with rotating its keys when the recipient is offline? Or any other solutions... That issue is making encryption pretty unusable for some people and is very annoying.
Key rotation happens whenever the device list changes (to prevent leaking encryption keys) and also periodically to provide forward secrecy.
The issue is easily worked around by keeping a session alive on a mobile device.
I know about this workaround, but in my use case it isn't practical, sadly. Is there any theoretical way to keep FS, and also deliver decryptable messages when recipient is offline?
Closing in favour of cross-signing, which should address this sort of use case. Tracking issue is https://github.com/vector-im/riot-web/issues/9631
How does cross-signing help in this scenario?
Description
When using only one device, in a browser in private/incognito mode, and using online backup, most encrypted messages received while the user is offline are undecryptable after logging in.
Steps to reproduce
Messages sent to me when my only device is offline should be encrypted using that device's pubkey. When logged in with a new key and then to online backup, those messages should be decrypted using that key, which was restored from backup.
Version information