[Standards] XEP-0384: Staleness of devices

Jonas Wielicki jonas at wielicki.name
Tue Aug 28 14:27:36 UTC 2018


Note, I’m not familiar with OMEMO and its ratchet system, so take this with a 
grain of salt.

On Tuesday, 28 August 2018 13:26:51 CEST Paul Schaub wrote:
> Another countermeasure against stale devices is sending empty
> ratchet-forward messages on a regular basis. Those messages do have the
> same format as KeyTransportMessages [3], in that they do not contain a
> body. Their purpose is to forward the ratchet without user interaction.
> The downside is that a device has to do this on its own, so this is not
> a good defense against attackers' devices.

Would it be possible for devices which exist and are used by a user, but not 
for sending (for whatever reasons) to auto-reply with an empty message with 
e.g. a probability of 1/10 or whatever to each message? This would allow 
advancement of the ratchet (If I Understand This Correctly) without user 
interaction and it puts the burden on the device which still wants to receive 
messages (i.e. if an attacker chooses to not send these messages, they’re 
hurting themselves).

But yeah, I have no idea about OMEMO. Just throwing stuff in.

kind regards,
Jonas
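
The probabilistic auto-reply idea from the message above, as an added sketch that is not part of the original post or of XEP-0384: a sender counts messages sent to a device since it last heard from it and picks the cut-off so that a live device replying with probability 1/10 is wrongly treated as stale only with a chosen small probability. The class and function names and the false-positive target are assumptions, and no OMEMO cryptography is modelled.

```python
import math
import random

def stale_threshold(p_reply: float, false_positive: float) -> int:
    """Smallest n with (1 - p_reply)**n <= false_positive: a live device that
    answers each message with probability p_reply stays silent for n messages
    in a row by chance with at most that probability."""
    if not (0.0 < p_reply < 1.0 and 0.0 < false_positive < 1.0):
        raise ValueError("probabilities must lie strictly between 0 and 1")
    return math.ceil(math.log(false_positive) / math.log(1.0 - p_reply))

class ReceiveOnlyDevice:
    """Hypothetical device that reads messages but never sends user content."""
    def __init__(self, p_reply, rng, alive=True):
        self.p_reply, self.rng, self.alive = p_reply, rng, alive

    def receive(self) -> bool:
        """True if the device answers with an empty ratchet-forward message."""
        return self.alive and self.rng.random() < self.p_reply

class SenderView:
    """Sender-side count of messages sent since the device was last heard from."""
    def __init__(self, threshold: int):
        self.threshold, self.unanswered = threshold, 0

    def send_to(self, device: ReceiveOnlyDevice) -> None:
        self.unanswered += 1
        if device.receive():
            self.unanswered = 0  # an empty reply arrived, the device is in use

    @property
    def stale(self) -> bool:
        return self.unanswered >= self.threshold

def simulate(alive, messages, p_reply=0.1, false_positive=1e-3, seed=1):
    """Send `messages` messages; return (threshold, stale flag at the end)."""
    threshold = stale_threshold(p_reply, false_positive)
    view = SenderView(threshold)
    device = ReceiveOnlyDevice(p_reply, random.Random(seed), alive)
    for _ in range(messages):
        view.send_to(device)
    return threshold, view.stale

if __name__ == "__main__":
    # Constructed scenario: a device that never replies (abandoned, or one
    # that chooses not to send the empty messages) is flagged at the threshold.
    print(simulate(alive=False, messages=66))
```

With the 1/10 reply rate, a 0.1% false-positive target puts the cut-off at 66 unanswered messages, so a lower reply probability saves traffic but delays detection of a silent device.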