[Standards] inbox/omemo-filetransfer: Not possible to resume aborted transfer
andrey.gursky at e-mail.ua
Sun Dec 11 18:12:26 UTC 2016
> An encryption header MUST only be used for one session. However when
> doing a rangend tranfer on a previously aborted file the key/IV pair
> MUST be reused and packed into a new header to keep the integrity of
> the file.
This is a nice catch. But I have two issues with it.
Once jingle session is closed, all state is disposed. It is not
practical to maintain all the keys being used during all sessions in
some upper layer in case of a ranged transfer appears.
The second issue: it seems to me not to work at all in practice:
- Sender initiates a session, sends a file offer and transmits the file.
- Transmission is aborted. It can be that "100% sent" is reported to
the sender due to quick proxy, but slow receiver. Thus the sender
cannot know how much data the receiver actually have got successfully.
- Sender is going to transmit the file again and initiates a new
session. The session has a new key/iv.
- Receiver approves the file offer adding a ranged element.
- Now the sender sees a ranged element but it is too late: session is
already initiated with a new key/iv. And it continues to transmit the
- Receiver gets the rest of the file encrypted with different key/iv
and cannot decrypt it.
More information about the Standards