[OTR-dev] Separate Fingerprint For Each Account?
Ian Goldberg
ian at cypherpunks.ca
Wed Sep 17 08:41:03 EDT 2008
On Tue, Sep 16, 2008 at 10:44:09PM -0700, otr at synx.us.to wrote:
> I can see the value of having more than one authentication key: so you
> can have several different identities,
This is in fact the original motivation.
> but I cannot see the utility of
> requiring a separate key for each account. Even more so, I cannot see
> why it is necessary to have a separate key for each account, besides the
> fact that the current implemenation uses some kind of lookup table
> matching "account -> key". It could as easily be "identity -> key" where
> "identity" is shared between some, or all physical channels and accounts.
The problem is that there's no notion of "identity" that can be
programatically checked. If I've verified that the AIM id "fooman" has
a particular key, should OTR (technically, pidgin-otr, Adium, Kopete,
Psi, etc.) automatically believe that "fooman at foo.com" on MSN
and "fooman at jabber.de" on XMPP can be correctly authenticated with
that same key?
- Ian
More information about the OTR-dev
mailing list