[Standards] XEP-0384: Staleness of devices
jonas at wielicki.name
Tue Aug 28 14:27:36 UTC 2018
Note, I’m not familiar with OMEMO and it’s ratchet system, so take this with a
grain of salt.
On Dienstag, 28. August 2018 13:26:51 CEST Paul Schaub wrote:
> Another countermeasure against stale devices is sending empty
> ratchet-forward messages on a regular basis. Those messages do have the
> same format as KeyTransportMessages , in that they do not contain a
> body. Their purpose is to forward the ratchet without user interaction.
> The downside is, that a device has to do this on its own, so this is not
> a good defense against attackers devices.
Would it be possible for devices which exist and are used by a user, but not
for sending (for whatever reasons) to auto-reply with an empty message with
e.g. a probability of 1/10 or whatever to each message? This would allow
advancement of the ratchet (If I Understand This Correctly) without user
interaction and it puts the burden on the device which still wants to receive
messages (i.e. if an attacker chooses to not send these messages, they’re
But yeah, I have no idea about OMEMO. Just throwing stuff in.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: This is a digitally signed message part.
More information about the Standards