Closed juniorz closed 6 years ago
- A client might decide to take as valid a prekey message only if it trusts the long-term public key on it. This should be noted. Check ADR9:
" Alice receives two prekey messages for Bob because Bob uses two OTRv4 clients, one for his phone and one for his laptop (or the same client in different devices). Each client maintains their own set of prekey messages on the same prekey server. These two prekey messages will be different by instance tag. This scenario can, therefore, follow different paths:
a. The two prekey messages may have user profiles created with different long term keys and two prekey profiles signed by those different keys respectevely. At this point, if Alice trusts only one key, she may decide to send a message only to the client with the key she trusts. If Alice trusts both keys, she may decide to send a message to one or both. If Alice does not trust either key, she may decide not to send a message or she may send messages without validating the keys. b. The two prekey messages may have user profiles created with the same long term key and prekey profiles signed by the same key. If this key is trusted, Alice may decide to send a message to both client instances. Or Alice may decide to send a message only to the first Prekey message received. If Alice does not trust the key, she may decide not to send a message or send an message to both instances without validating the keys.
"
I just wrote:
Optionally, a client can only use prekey messages that contain trusted long-term public keys.
just like an option... what do you think?
I think this is solved @juniorz ?
This paragraph keeps coming as something that should be in the prekey server spec:
It is unsure if we should add this to this spec or to the OTRv4 spec, since OTRv4 will not have to bother with multiple versions of prekey messages.
See: https://github.com/otrv4/otrv4-prekey-server/commit/17b0a3a6e5e84c664bf4c3efa5988b2fad8fccbc#r28241471