ignirtoq

@ignirtoq@fedia.io

This is a remote user, information on this page may be incomplete. View at Source ↗

⁨Comment⁩ on ⁨Why Signal’s post-quantum makeover is an amazing engineering achievement⁩ ⁨⁨2⁩ ⁨days⁩ ago⁩:

While a TLS uses the same key throughout a session, keys within a Signal session constantly evolve.

What are we defining as a "session" for Signal? The vast majority of TLS sessions exist for the duration of pulling down a web page. Dynamically interact with that page? New HTTP request backed by a new TLS session. Sure, there are exceptions like WebSockets, but by and large TLS sessions are often short.

Is a Signal session the duration of sending a single message? An entire conversation? The entire time you have someone in your address book? It doesn't seem like an apples-to-apples comparison.