You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As far as I understand the protocol, a "last resort" prekey (that doesn't provide forward secrecy) is used for offline session establishment if all regular prekeys on the server have been used.
Are users warned if that situation occurs?
The text was updated successfully, but these errors were encountered:
But how about warning a user if his own last resort key is repeatedly used? If this happens repeatedly, this could mean that someone is attacking him by intentionally depleting the prekeys, which is an attack that TS cannot effectively mitigate, right?
So if this happens a lot, effectively completely stripping my TS of forward secrecy, I think as a user I would expect some form of warning.
This "attack" can only effect the first message a contact ever sends you. We can mitigate it by rotating the key. We shouldn't ever surface anything like this to the user.
As far as I understand the protocol, a "last resort" prekey (that doesn't provide forward secrecy) is used for offline session establishment if all regular prekeys on the server have been used.
Are users warned if that situation occurs?
The text was updated successfully, but these errors were encountered: