#48 Single Key For All (or some) Accounts

open
nobody
None
5
2008-04-29
2008-04-29
Tasci Synx
No

I want only one single key that all of my accounts use for encryption. Or at the very least I want to be able to decide which accounts use which key, independently of the accounts themselves. Why is there a separate key for each account? Is there some glaring security problem if you ever use two keys for two different accounts? Because I have a very good reason I want to share keys between accounts.

Automatic roster migration.

It won't be automatic of course until someone implements that, but at least it'll be possible. Not using the same key is very dangerous in fact. Consider the following possibility:

You have a single account that you use pidgin-encryption on to communicate securely. Unfortunately the administrators of that server decide for a valid or invalid reason to block and cancel your account. You have no warning of this, it just happens. So you get a second account at a more reliable server, and then you inform all of your business associates that you are the same person dialing in from a second account. "I'm sorry," they answer, "But there is a third account also claiming to be you. Could you log into your original account, to tell us reliably which is the real account?" Oh snap.

If however you could share keys between all accounts, or switch keys from one account to another, you could easily fix this by telling them, "Check which of the new accounts uses the same signing key as the old account." Problem solved. 100% reliable, as long as strong encryption can't be broken. It could even be automated if anyone cared to, because there's no way to fool even an automated computer, as long as the same key is used to sign with.

So... why do you not do that? I would like to enable that if possible, but not sure if there isn't some glaring reason it'd be impossible or insecure that I haven't thought up yet. Instead if I have to get a new account, I have no way to reuse the old key beyond going and hacking the key database in my profile directory, if that would even work at all.
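The check proposed in this request, sketched as an added example (not pidgin-encryption code and not its key format): a contact pins the old account's public-key fingerprint, then has each new claimant sign a fresh nonce with the matching private key. The toy RSA built from Mersenne primes, the account names and every function name are constructed stand-ins; a real implementation would use a vetted signature library.

```python
import hashlib
import secrets

E = 65537  # public exponent

def make_key(p_exp, q_exp):
    # Toy RSA key from two Mersenne primes: constructed for the demo, NOT secure.
    p, q = 2**p_exp - 1, 2**q_exp - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def fingerprint(n):
    # What a contact pins: a hash of the public modulus.
    return hashlib.sha256(n.to_bytes((n.bit_length() + 7) // 8, "big")).hexdigest()

def digest(nonce, account):
    # Bind the challenge to the account name being claimed.
    return int.from_bytes(hashlib.sha256(nonce + account.encode()).digest(), "big")

def sign(key, nonce, account):
    # Textbook RSA without padding, a stand-in for a real signature scheme.
    return pow(digest(nonce, account), key["d"], key["n"])

def check_claimant(pinned_fp, account, claimed_n, respond):
    # Step 1: the key presented by the new account must match the pinned one.
    if fingerprint(claimed_n) != pinned_fp:
        return "reject: different key"
    # Step 2: a public key can be copied by anyone, so require a signature
    # over a fresh nonce to prove possession of the private half.
    nonce = secrets.token_bytes(16)
    sig = respond(nonce, account)
    if pow(sig, E, claimed_n) == digest(nonce, account):
        return "accept"
    return "reject: no proof of possession"

def run_demo():
    old_key = make_key(521, 607)      # key used on the cancelled account
    other_key = make_key(127, 1279)   # key held by someone else
    pinned = fingerprint(old_key["n"])  # recorded by the contact earlier
    claimants = {  # account -> (public modulus presented, key actually held)
        "me@new-server.example": (old_key["n"], old_key),
        "me@third-server.example": (other_key["n"], other_key),
        "me@copycat.example": (old_key["n"], other_key),
    }
    return {
        acct: check_claimant(pinned, acct, n, lambda nc, a, k=key: sign(k, nc, a))
        for acct, (n, key) in claimants.items()
    }

if __name__ == "__main__":
    for account, verdict in run_demo().items():
        print(account, "->", verdict)
```

The third claimant shows why comparing public keys alone is not enough: it presents the old public key but cannot sign with it.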
