What advantage does Signal protocol have over basic public key encryption?

Karl gmkarl at gmail.com
Mon Jan 25 11:11:28 PST 2021


On 1/25/21, David Barrett <dbarrett at expensify.com> wrote:
> Incidentally, for anyone following along, here's a great thread I had on
> Twitter regarding this:
>
> https://twitter.com/dbarrett/status/1353768706141163520
>
> My current summary of Signal's primary design goal is:
>
>> Perhaps I'm looking at it the wrong way. Signal's primary design goal
>> seems to be to *enable* truly effective self-destructing chats (which means
>> enabling them to self-destruct at every layer), to limit the damage from
>> device compromise. That is their primary differentiated feature.
>
> Given that the device is the weak link (ie, the most likely place that a
> key would be compromised), and without self-destructing chats the device
> has a complete record of all past messages, then there's really no point to
> all the double-ratchet stuff (which exists purely to limit the damage of
> any individual key being compromised) because in the process of
> compromising any key, you also compromise *all messages* (obviating your
> need for the key in the first place).
>
> Does that seem a fair summary?

Sorry for over-replying.  I'm trying to catch up and don't want to
figure out all the replies with strategically placed errors different
from my errors.

I would summarise Signal totally differently:

Signal is the only popular cryptographic messaging system where actual
norms that people care about are respected.  Most message systems just
do stupid things, and lie to you when you call them out on it, and
it's frustrating and infuriating.

It is obvious that Signal is not motivated by profit, but rather by
their users and functionality.  They have an automated system that
gives their donated money to people who contribute improvements.


More information about the cypherpunks mailing list