[OTR-dev] MAC keys to be revealed

Paul Wouters paul at cypherpunks.ca
Thu Jan 20 20:03:31 EST 2005


On Thu, 20 Jan 2005, Ian Goldberg wrote:

> On Thu, Jan 20, 2005 at 04:06:28PM -0500, alex323 wrote:
> > Do you HAVE to send out your old MAC keys?
> 
> Even moreso than all those surveillance cameras everywhere, it's
> For Your Protection.  You really really want people to be able to forge
> messages after the fact.
> 
> HAVE to?  There's no client out there (yet) that will complain if you
> don't, but it's a really good idea to do it.

OTR should check for the MAC leakage, and warn me or even disconnect the OTR
session if it detects the remove client doesn't do this. I consider this to
be essential to OTR.

Paul




More information about the OTR-dev mailing list