[OTR-dev] Flaw in OTR Protocol (with workaround!)

Greg Troxel gdt at ir.bbn.com
Tue Jul 26 08:39:01 EDT 2005


I'd like an OTR implementation to be able to send a computer-readable,
authenticated "delete SA" message to the other side, for example when
exiting a client.

I would like to be able to sign OTR public keys (not session keys, but
the signing keys) in OpenPGP format, and to be able to send OpenPGP
keys to peers, kind of like X.509 certs in IKE, so that I can leverage
the PGP WoT to authenticate OTR signing keys.  Checking one signing
key for someone is far more reasonable than checking 6 OTR keys for my
friend's 6 computers, and thus far more likely to happen.



-- 
        Greg Troxel <gdt at ir.bbn.com>


