Second factor for re-registering with the server #3988
Comments
Thanks but I don't think we're going to do this.
Might I ask why?
Hey Moxie, just wondering if you're going to have a chance to reply at some point. Thanks.
Ping?
While this approach would probably be possible, it is running away from the actual problem that you initially described: those people do not use fingerprints correctly.
If nothing else, the passphrase I propose would prevent someone from
Yes, you're right about that. (However, there are a lot of other ways someone can prevent you from getting messages.)
Thanks everyone but this is an issue tracker rather than a discussion forum. If you'd like to continue discussing this, please move to the mailing list. Thanks!
Currently, if someone gets the ability to get my SMSes, such as by stealing my SIM card or somehow intercepting them at the carrier, or number cloning, then the only thing standing in the way of that person impersonating me to a user I've already chatted to is the key mismatch warning. Some users will click through that without thinking. And someone who's never chatted to me before will not get any warning because of TOFU.
Since I don't think there's any intention to aggressively push users to manually verify key fingerprints, it would be nice if I could add a passphrase to my registration that would not let someone register a new device with my phone number without also having that passphrase. Since this adds some friction, it would be reasonable for it to be opt-in; that is to say, once I register my number for the first time, I should be able to go into the settings and enable the passphrase requirement.
The biggest drawback I can see is that if I give up my phone number and then it is reassigned, someone else will be stuck unable to use TextSecure with that number. I can't really think of a perfect way to solve this, but expiring a registration that hasn't been used at all in some period of time, say 12 months, would probably be a reasonable approach. Alternatively, instead of just requiring use, the server could periodically send the client a liveness check of some sort (via push), and clear the registration if those don't succeed for some shorter period of time (3 months?) if the app isn't even responding at all.
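The re-registration check proposed in the issue above, as an added example; it is not code from the project or from the issue's author. The `Registration` record, the function names and the PBKDF2 parameters are assumptions made for illustration; the 12-month expiry is the figure suggested in the issue.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

INACTIVITY_EXPIRY = timedelta(days=365)  # "say 12 months" in the issue text
PBKDF2_ROUNDS = 100_000                  # assumed work factor

@dataclass
class Registration:                      # hypothetical server-side record
    number: str
    last_seen: datetime                  # last authenticated client activity
    salt: Optional[bytes] = None
    verifier: Optional[bytes] = None     # None: lock not enabled (opt-in)

def _derive(passphrase: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, PBKDF2_ROUNDS)

def enable_lock(reg: Registration, passphrase: str) -> None:
    """Opt in after first registration: store only a salted verifier."""
    reg.salt = os.urandom(16)
    reg.verifier = _derive(passphrase, reg.salt)

def may_reregister(reg, sms_code_ok, passphrase, now) -> str:
    """Decide whether a new device may take over `reg.number`."""
    if not sms_code_ok:
        return "deny:sms"                # SMS proof is still the first factor
    if reg is None or reg.verifier is None:
        return "allow"                   # new number, or owner never opted in
    if now - reg.last_seen > INACTIVITY_EXPIRY:
        return "allow:expired"           # reassigned-number escape hatch
    if passphrase is not None and hmac.compare_digest(
            _derive(passphrase, reg.salt), reg.verifier):
        return "allow"
    return "deny:passphrase"             # SMS interception alone is not enough
```

A deployment of this check would also need to rate-limit passphrase attempts per number, which the example leaves out.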