From this[1] answer on the IT Security StackExchange site:
> N+1Sec is a similar protocol [to multi-party OTR, which requires participants to be online at all times to renegotiate keying material] with some improvements. Note that these protocols have a lot of algorithmic complexity and tend to scale badly, especially when you add latency into the mix.
It's unclear to me, though I can hardly imagine it being the case, whether this protocol requires all participants to be online at all times. The quoted answer surely sounds like it has that drawback, which is why I never really considered it as an option (leaving the Signal Protocol with "server-side fan-out" as the only good option).
If it does not have that drawback, having another protocol is a great thing, assuming what Wire says is true regarding OpenWhisperSystems trying to get millions from them for implementing a supposedly open source protocol.[2]
Skimming the protocol specification, it seems like they renegotiate a sub-session whenever someone joins or leaves a group.
> The quoted answer surely sounds like it has that drawback
For IRC you would probably run this on a bouncer, which is essentially always-on even if the device from which you access the bouncer is not. Of course this only works for people who have the technical skill to configure one in the first place.
Not sure what you mean by a sub-session but my perusal suggests an entirely new conversation key is negotiated by current participants when those participants change. The spec doesn't say anything about requiring everyone to be online but I think it's implied. It may be that not everyone has to be online at the same time (which would just delay the negotiation IIUC) which is interesting but I wonder what would happen if an offline participant rejoins and doesn't get a full transcript from when they were last online with the carrier. Sounds entirely possible for an IRC/XMPP carrier with people not using bouncers.
I also think that it's implied, maybe like Telegram Private Chat, where you need to wait for the peer to go online before completing the key exchange.
However, when scaling to a group with N peers, we need to wait for all of them; maybe they wake up the peers via Silent Notification or something like that.
[1] https://security.stackexchange.com/a/127331/10863
[2] https://medium.com/@wireapp/axolotl-and-proteus-788519b186a7