Title.

I’ve used it before, but I’m not really sure how I feel about it. Would you use it on a day-to-day basis?

    • jet@hackertalks.com
      link
      fedilink
      English
      arrow-up
      8
      ·
      edit-2
      5 months ago

      https://getsession.org/session-protocol-technical-information

      Nope. Whenever anybody ask them, they refer to this and close the ticket

      I find their technical rationale, while welcome, a lot of hand waving to say they couldn’t figure out how to implement it, but it was not important because it’s not a big threat, because if somebody has the device they can get all the messages on the device anyway…

      Losing perfect forward secrecy for “simpler code” is a strong design choice they made. I respect them for documenting this, I wish them the best of success, but that’s not a trade-off I’m willing to make for no benefit