To add a little bit, avoiding forward secrecy was a design decision. We wanted to support adding and removing devices from your account (including removing all of your original devices, if you want), and we wanted new devices to be able to read your message history. I think those two things put together are in conflict with forward secrecy.
That said, we'd like to allow you to turn off history for some messages, and it would be nice if you got forward secrecy for those messages when you did that. We're currently in the middle of figuring out how that's going to work. One of the open problems is this sort of situation: If I have 5 devices, and one of them is a laptop that's been in the closet for 3 years and won't ever rotate its keys again, how do we avoid making that laptop a giant hole in my forward secrecy guarantees?
It seems like a reasonable design decision to have a time horizon beyond which a device which has been out of communication loses access to more recent messages. That could be significantly less than 3 years - probably a week or two is fine.
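As an added illustration of the trade-off discussed above (constructed for this thread, not code from the product or from either commenter): a toy model in which every device holds a wrapping key that it replaces with a one-way hash after each message it receives, except a laptop that never rotates. Stealing the stale laptop's key exposes every message sent during the whole period, while the two-week horizon proposed in the reply caps that exposure at two weeks of traffic. The device names, the hash ratchet and the XOR key wrapping are assumptions of this simulation, not any real protocol's mechanism.

```python
import hashlib, hmac, os

DAY = 86400

class Device:
    def __init__(self, name, now):
        self.name = name
        self.key = os.urandom(32)     # current wrapping key, known only to this device
        self.rotated_at = now
        self.inbox = []               # (timestamp, wrapped message key)

    def rotate(self, now):
        # One-way step: new key = H(old key) and the old key is erased, so stealing
        # the current key later cannot unwrap anything sent to an earlier key.
        self.key = hashlib.sha256(b"rotate|" + self.key).digest()
        self.rotated_at = now

def wrap(key, msg_key, label):
    # Keystream derived from the device key and a unique label; XOR is its own inverse.
    pad = hmac.new(key, label, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(pad, msg_key))

def send(devices, now, horizon=None):
    """Wrap a fresh message key for each eligible device; return the key for later checks."""
    msg_key = os.urandom(32)
    for d in devices:
        if horizon is not None and now - d.rotated_at > horizon:
            continue                  # out of contact too long: the device loses access
        d.inbox.append((now, wrap(d.key, msg_key, b"%d|%s" % (now, d.name.encode()))))
    return msg_key

def exposed(device, stolen_key, sent):
    """Count messages an attacker holding the device's current key can read."""
    return sum(wrap(stolen_key, w, b"%d|%s" % (t, device.name.encode())) == sent[t]
               for t, w in device.inbox)

def simulate(days=3 * 365, horizon=None):
    phone, laptop = Device("phone", 0), Device("laptop", 0)
    sent = {}                         # timestamp -> true message key (constructed data)
    for day in range(1, days + 1):
        now = day * DAY
        sent[now] = send([phone, laptop], now, horizon)
        phone.rotate(now)             # the phone is in use and rotates after every message
        # the laptop sits in the closet and never rotates
    # Both devices' current keys are stolen at the end of the period.
    return exposed(phone, phone.key, sent), exposed(laptop, laptop.key, sent)

if __name__ == "__main__":
    print("no horizon   (phone, laptop):", simulate())
    print("14-day horizon (phone, laptop):", simulate(horizon=14 * DAY))
```

With no horizon the laptop's single unrotated key unwraps all 1095 daily messages; with a 14-day horizon it was never sent anything after day 14, so only 14 messages are exposed, and the rotating phone exposes none in either case.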