publicvoit, (edited)
@publicvoit@graz.social

Another argument for using proven encrypted messengers and properly verifying the keys in use:

Encrypted traffic interception on Hetzner and Linode targeting the largest Russian () messaging service
https://notes.valdikss.org.ru/jabber.ru-mitm/

nanoelquant,
@nanoelquant@c.im

@publicvoit there is a problem that a change of certificates requires manual verification, in principle...

jabberati,
@jabberati@social.anoxinon.de

deleted_by_author

  • publicvoit,
    @publicvoit@graz.social

    @jabberati If redirecting the transferred data enables man in the middle attacks, I'd say nope, XMPP does seem to have an issue with E2E encryption.

    Otherwise, the attackers would not get much out of the traffic.

    However, I did not look into the protocol or the security in detail.

    Correct me if I'm wrong.

    jabberati,
    @jabberati@social.anoxinon.de

    deleted_by_author

  • publicvoit,
    @publicvoit@graz.social

    @jabberati Ah, good to know. So yes, this is also a reminder to validate only known keys for a proper E2E encryption then.

    jabberati,
    @jabberati@social.anoxinon.de

    deleted_by_author

  • publicvoit,
    @publicvoit@graz.social

    @jabberati Probably. But for that scenario, Signal chats need to be intercepted right from the start or somebody acknowledges a changed key without asking back on a secure or different channel.

    nanoelquant,
    @nanoelquant@c.im

    @jabberati @publicvoit btw it could be a serious drawback of OMEMO as a protection scheme - I mean not a technical, but a "social" one. With PGP, one needs to import an old key on a new device or send a new key to contacts when the old is still valid (it could be signed by an old one) - and it is possible to do. With OMEMO, one gets a new key in the moment of a new launch and only after that must somehow construct a second verification channel (provided that whoever cares).

    jabberati,
    @jabberati@social.anoxinon.de

    deleted_by_author

  • nanoelquant,
    @nanoelquant@c.im

    @jabberati @publicvoit Partially, including this. I mean OpenPGP allows for more possibilities in key management, at least in the current implementation, which can make the practice less error-prone and more convenient.

    As a part of this, yes, one can use a single key for his devices (it is a good question if it is possible to have a few of them with different levels of trust, though).

    And what is more, if one plans to change the key, he can announce that in advance and share the new one via a channel which is already secure. Or one can generate a key, make the check at a personal meeting and assign it to his account after the check.
