[OTR-dev] Separate Fingerprint For Each Account?
otr at synx.us.to
otr at synx.us.to
Thu Sep 18 16:48:20 EDT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ian Goldberg wrote:
> Sure, and what you say after that is at least mostly reasonable. But
> that's not how IM clients treat identity today.
Ah, yeah I will grant that there's no way to signify with an IM client
that account A and account B are both the same person. You can however,
automatically mark account B as verified, if it uses the same key as
verified account A. The client will still treat them like different
people, but at least OTR won't project dire warnings about it, when none
are necessary. Currently however OTR doesn't have any functionality like
that.
I'd have it so everyone uses a single key by default for all accounts,
so that the client would still display two accounts as being different
people, but if they were the same person you'd only have to verify one
account, and the other would just switch on its own (or display a
message "this is the same person, guy" while doing so).
> On the other hand, if you *did* write an IM client with a user-centric
> notion of identity,
I have considered something like that. I kind of got bogged down trying
to figure out how to write a protocol plugin in libpurple, that itself
used the jabber protocol plugin to operate. I think the "CSpace" project
attempts the strategy of a user-centric notion of identity, though I'm
pretty sure they don't have perfect forward secrecy.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkjSvpQACgkQB/meY5RuPPS0PACfWAZPc6xdLQMBIxLMc6F6l4XN
EIoAn1zGWqk45kGfLNaS+HTA9qJyJZjI
=+3O0
-----END PGP SIGNATURE-----
More information about the OTR-dev
mailing list