“Doesn’t Olm/OMEMO also use a simple hash ratchet when sending consecutive messages from the same sending device?”
That’s true as far as I remember. This also means that under some circumstances (if a device is not used for some time), OMEMO/Olm lose the property of future secrecy.
So if you *really* want to have future secrecy, you should not send to inactive devices. Instead only send to the recipient's active device. I should add this remark to the post.
In OMEMO we are currently considering suggesting that implementors utilize the ratchet message counter to determine staleness of devices in order to force a maximum length of the sending chain to counter this.
“if you really do want Megolm to provide full PFS on a message-by-message basis, you can just set the session duration to 1 message – except this will force a X3DH over the full mesh of devices in the room”
So – to make sure that I understand it correctly – in that case you’d fetch a new PreKey from the recipient for each message? I haven’t thought about establishing new sessions using a new PreKey yet, but that might be worth a look, although my first bet would be that at least in OMEMO the sender would run out of recipient PreKeys rather quickly 😀
“MLS could be a much nicer way of getting better forward secrecy without the scalability challenges.”
Yeah, looks like I’ll have to look into MLS sooner or later 😉 It would be really *really* nice to have bridgeable e2ee using MLS, although that’ll probably be hard due to different message formatting inside the payload. Maybe we could come up with a XEP/MSC to have a shared message format? 😉
“In other news, thank you for relaying that Matrix is fundamentally different to XMPP (in terms of being a conversation history syncing protocol rather than a messaging protocol) – it’s a very welcome change to see the distinction being made by a jabber-head”
Hehe, thank you! I’m really glad to see that Matrix is pushing forward in the world of federated messaging in the form of a healthy level of competition/completion 🙂 In the end we are working on the same problem of closed silos and I’m very thankful that both XMPP and Matrix exist to solve this issue.
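
The staleness check discussed in the reply above, as an added example (not part of the comment and not OMEMO's or Olm's own code). The class and function names, the cap of 3 messages and the device names are assumptions; the HMAC constants follow the chain KDF suggested in the Double Ratchet specification.

```python
import hashlib
import hmac

MAX_CHAIN_LENGTH = 3  # assumed policy value, not taken from any XEP


class SendingChain:
    """Hash ratchet used for consecutive messages to one recipient device."""

    def __init__(self, chain_key: bytes):
        self.chain_key = chain_key
        self.counter = 0  # messages sent since the last DH ratchet step

    def next_message_key(self) -> bytes:
        # One-way step: old keys cannot be recovered, but every later key
        # follows from the current chain key until fresh DH input arrives.
        message_key = hmac.new(self.chain_key, b"\x01", hashlib.sha256).digest()
        self.chain_key = hmac.new(self.chain_key, b"\x02", hashlib.sha256).digest()
        self.counter += 1
        return message_key

    def dh_ratchet(self, fresh_chain_key: bytes) -> None:
        # The device answered: a new DH output replaces the chain key.
        self.chain_key = fresh_chain_key
        self.counter = 0

    def is_stale(self, max_length: int = MAX_CHAIN_LENGTH) -> bool:
        return self.counter >= max_length


def select_recipients(chains: dict, max_length: int = MAX_CHAIN_LENGTH) -> list:
    """Return the devices whose sending chain is still below the cap."""
    return sorted(d for d, c in chains.items() if not c.is_stale(max_length))


def simulate(messages: int = 5) -> list:
    """Constructed scenario: 'phone' replies every 2nd message, 'tablet' never."""
    chains = {"phone": SendingChain(b"p" * 32), "tablet": SendingChain(b"t" * 32)}
    log = []
    for i in range(1, messages + 1):
        targets = select_recipients(chains)
        for device in targets:
            chains[device].next_message_key()
        if i % 2 == 0:  # stand-in for a real DH ratchet output
            chains["phone"].dh_ratchet(hashlib.sha256(b"dh-%d" % i).digest())
        log.append(targets)
    return log


if __name__ == "__main__":
    print(simulate())
```

The silent device is dropped from the recipient list once its chain reaches the cap, while the device that keeps replying is never excluded because each reply resets its counter.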