Only checking against the SignalProtocolAddress name when calling isTrustedIdentity in SessionBuilder

[fstracke]

Hey! I've recently started implementing End-to-end encryption using this library.
However when implementing a multi-device scenario I constantly got errors about changing IdentityKeys. When I checked the source code of the SessionBuilder class I found following line causing the error:

libsignal-protocol-javascript/src/SessionBuilder.js

Lines 9 to 11 in 6a58052

	return this.storage.isTrustedIdentity(
	this.remoteAddress.getName(), device.identityKey, this.storage.Direction.SENDING
	).then(function(trusted) {

Here in line 10 the IdentityKeyStore is only checked for the name of the SignalProtocolAddress not the complete tuple of name.device. In the following lines the IdentityKeys are also only access through the address name.

Reading the documentation of the Signal Protocol, it states:

Sesame supports two different models for key pairs: With per-user identity keys, all devices under a user share the same key pair. With per-device identity keys, each device may have a different key pair.

With per-user identity keys, identity public keys for other devices are stored in UserRecords. With per-device identity keys, identity public keys for other devices are stored in DeviceRecords.

My question simply would be if this implementation of the Signal Protocol is indeed based on saving identity keys in the UserRecord, requiring them to be shared over multiple devices, and whether it would introduce security concerns to (privately) change the implementation to storing identity keys in DeviceRecords?

[fstracke]

Furthermore, I've noticed how in different parts of the library, the toString() function is used when referencing IdentityKeys:
https://github.com/signalapp/libsignal-protocol-javascript/blob/master/src/SessionBuilder.js#L52-L55

Doesn't this cause the isTrustedIdentity() function to always return true, as long as a valid identityKey is passed to the function?