Once verb support has been added to message payloads (LOC-16), it should be possible to add a Re-Key verb.
The idea is that a user's client should be able to generate a new encryption key, encrypt it with the current key and send it out to all users currently active in the room (their clients will then begin using that key).
That way, if a /join statement later leaks, any messages sent after the re-key can't be decrypted (unless the session has been logged, in which case you'd be able to decrypt the new key).
Realistically, we should probably only allow the room owner to trigger a re-key, to reduce the possibility of a user forcing a re-key to use a key he's shared with an adversary in advance. The client doesn't currently know who the room owner is, but that should change once Roster support is implemented (LOC-19).
Once a client has re-keyed, it should push a confirmation message into the group to note it's accepted the new key.
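
A small model of the re-key flow described above, added here as an illustration and not taken from the project's code. The verb names `rekey` and `rekey-ack`, the JSON payload layout, the stdlib HMAC-based `seal`/`unseal` stand-in for the client's real cipher, and a `sender` value supplied by the server or roster are all assumptions.

```python
import hashlib, hmac, json, secrets

def _sub(key, label):  # separate encryption and MAC keys derived from the room key
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor(key, nonce, data):
    # HMAC-SHA256 counter-mode keystream: stdlib stand-in for the real cipher (assumption).
    ks = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, msg):
    nonce = secrets.token_bytes(16)
    ct = _xor(_sub(key, b"enc"), nonce, json.dumps(msg).encode())
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong key or tampered payload")
    return json.loads(_xor(_sub(key, b"enc"), nonce, ct))

class Client:
    def __init__(self, name, room_key, owner):
        self.name, self.key, self.owner = name, room_key, owner

    def start_rekey(self):
        # The new key travels encrypted under the current key; the sender then switches.
        new_key = secrets.token_bytes(32)
        blob = seal(self.key, {"verb": "rekey", "key": new_key.hex()})
        self.key = new_key
        return blob

    def handle(self, sender, blob):
        # `sender` is assumed to come from the server/roster, not from the payload.
        msg = unseal(self.key, blob)
        if msg["verb"] != "rekey":
            return msg
        if sender != self.owner:
            return None  # re-key from a non-owner is ignored, key unchanged
        self.key = bytes.fromhex(msg["key"])
        return seal(self.key, {"verb": "rekey-ack", "from": self.name})

def demo():
    old = secrets.token_bytes(32)  # constructed key standing in for the /join key
    alice, bob = Client("alice", old, "alice"), Client("bob", old, "alice")
    wire = [alice.start_rekey()]  # everything a session logger would capture
    wire += [bob.handle("alice", wire[0]), seal(alice.key, {"verb": "say", "text": "hi"})]
    return old, alice, bob, wire
```

Because the confirmation is sealed under the new key, it also proves the sender actually holds that key.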