> <i>A malicious server can trick the client into using the same key while talking to the server during the initial registration protocol and while talking to other users in the E2E protocol.</i><p>this is bad<p>> <i>we show that the attacker can trick a user into creating a valid vouch box and sending it to the attacker. This allows the attacker to impersonate the client to the server forever.<p>This attack means that, under some circumstances, a user might compromise his or her own account by simply sending a message to another user.</i><p>Yikes
The title of this submission is editorialized and misleading. @dang, please change to the original title "Three Lessons from Threema -- Analysis of a Secure Messenger".