Nope. Whenever anybody ask them, they refer to this and close the ticket
I find their technical rationale, while welcome, a lot of hand waving to say they couldn’t figure out how to implement it, but it was not important because it’s not a big threat, because if somebody has the device they can get all the messages on the device anyway…
Losing perfect forward secrecy for “simpler code” is a strong design choice they made. I respect them for documenting this, I wish them the best of success, but that’s not a trade-off I’m willing to make for no benefit
https://getsession.org/session-protocol-technical-information
Nope. Whenever anybody ask them, they refer to this and close the ticket
I find their technical rationale, while welcome, a lot of hand waving to say they couldn’t figure out how to implement it, but it was not important because it’s not a big threat, because if somebody has the device they can get all the messages on the device anyway…
Losing perfect forward secrecy for “simpler code” is a strong design choice they made. I respect them for documenting this, I wish them the best of success, but that’s not a trade-off I’m willing to make for no benefit