Comment by wim
10 hours ago
Depending on the threat model you want to protect against, yes. For example, although a revoked user doesn't have direct access to data anymore, they could technically collude with us to get future encrypted messages and then decrypt them. At the moment rekeying is only possible by exporting a workspace, changing its key (with a command line tool), and then reimporting it.
I didn't want to sidetrack you with this. I just wanted to know if I understood correctly. I believe this is nothing you need to worry about at this time. Thanks.