|
|
|
|
|
|
by grogers
3443 days ago
|
|
|
Resending and reencrypting the message mean the same thing here, I don't understand the distinction. Once the user okays the key change it can be resent by encrypting with the new key, before that it would be blocked from being resent. I know nothing of the signal protocol, but whether the server can tell the message is garbage depends on what the receiver client tells the server. An ideal client would acknowledge receipt to the server but show the user an error (or silently drop the garbage message). From the quote it seems like this is the case, in which case the server can't tell a true message receipt from receipt of garbage and the correlation doesn't work. |
|
|
You're forgetting that the server is the one telling the sender what the new key is. If the key is under the control of the attacker/server, they can read the message and determine if it's garbage or not.