[Standards] Disappearing timers for OMEMO proposal

Alexander Krotov ilabdsf at gmail.com
Sat May 12 12:53:31 UTC 2018

On Sat, May 12, 2018 at 01:36:45PM +0500, Ненахов Андрей wrote:
> сб, 12 мая 2018 г., 13:16 Alexander Krotov <ilabdsf at gmail.com>:
> > I want to be able to advertise to my contacts which of my devices
> > support timers, so devices that don't support them are not able to
> > decrypt the message.
> What a funny wish. To prove futility of it, if we ever implement
> 'advertising timers support', we'll give recipients an option to keep
> expired messages. Just because we can.

Users can already keep the messages by copying or snapshoting them.
I stated from the start that implementing snapchat-over-XMPP is a
non-goal. This feature is not to prevent someone from keeping the
message, but to prevent leaking it accidentally, for example when
their device is lost or stolen.

In Signal there is an option to enable/disable screenshots. Everyone
is free to enable screenshots and snapshot every message. But
screenshots are disabled by default to prevent messages from being
stored accidentally in application thumbnails.  You can also select
every message and send a bunch of them to some other application
via "share" feature, which is not disabled for ephemeral messages.

Ephemeral messages are not to prevent my contacts from leaking what
I message them. I have to trust them to keep secrets, keep their
devices clean from malware, install updates when vulnerabilities
are found, as well as *not to use clients with broken implementations
of security features*. On my part, I try to recommend them software
that I trust.

If you ever write an implementation that advertises that it will
respect timers, but does not, it will not prove anything.  Everyone
is free to write an implementation of OpenPGP that generates weak
keys. I am sure someone have already done this, either accidentally
or deliberately. It did not prove the futility of encryption.

In the part of my message that you quote, though, I was not even
talking about making sure message is deleted on a device that I
don't own, which is a matter of trust. I was talking about not being
able to decrypt the message on *my* devices by advertising that I
only want to receive ephemeral messages on some subset of my devices.
If you want to sabotage this feature, you better make your servers
advertise the support for timres on behalf of the user for all their
OMEMO devices. I will think about signing this setting in the same
way prekeys are signed to prevent this kind of attack.

More information about the Standards mailing list