[OTR-dev] Fwd: EMPP - What can XMPP benefit from the new Echo Chat Protocol?

Ian Goldberg ian at cypherpunks.ca
Sat Jul 27 18:08:00 EDT 2013


On Sat, Jul 27, 2013 at 11:51:33PM +0200, Randolph D. wrote:
> Oh that's great. I will test OTR more and look for the API
> The E*MPP Server and Echo protocol is described here:
> https://sourceforge.net/p/spot-on/code/1576/tree/branches/0.02/Documentation/PROTOCOLS

All I see there is a bunch of stanzas like:

Message Type ("0001a") (Plaintext)
TTL (Plaintext)
0 - Symmetric Key (Base-64) (Ciphertext, PK)
EOL
1 - Symmetric Key Algorithm (Base-64) (Ciphertext, PK)
EOL
2 - Sender's Sha-512 Hash (Base-64) (Ciphertext, SK)
EOL
3 - Recipient's Sha-512 Hash (Base-64) (Ciphertext, SK)
EOL
4 - Symmetric Key (Base-64) (Ciphertext, PK)
EOL
5 - Symmetric Key Algorithm (Base-64) (Ciphertext, PK)
EOL
6 - Sender's Signature Sha-512 Hash (Base-64) (Ciphertext, PK)
EOL
7 - Sender's Name (Base-64) (Ciphertext, SK)
EOL
8 - Subject (Base-64) (Ciphertext, SK)
EOL
9 - Message (Base-64) (Ciphertext, SK)
EOL
10 - Keyed Sha-512 Message Code (Base-64) (Plaintext)

with no explanation at all.  What keys are there in the system?  Which
are long term?  Which are short term?  How are keys distributed /
computed?  What is the network model?  The threat model?  The purpose of
the protocol?  Where is the state machine to be implemented at each
node?

> From what I see, it would be a good Feature, to send Echo over OTR.
> For that the OTR could be hybrid with a libspoton kernel.
> I mean, OTR would be be affected by it, if you enter plaintext or
> cryptotext from libspoton.
> It would allow to use any Messenger connection to transfer either own or as
> well foreign Messages and you would transcend Firewalls in the sense of
> closed societies. When one jabber chat works, from china to outside you can
> also send the echo over it for many users. on the other side the ORT
> sends it to E*MPP again and spreads the echo on.
> Adding the GoldBug kernel (libspoton) to OTR would add even several
> encryption layers to OTR, so a good match for both.

I don't see why this is a good match at all.

> Can you study the kernel and GB release as well?

I haven't seen any documentation to look at.  (And even if there were,
it's unlikely I could spend cycles on it at this time.)

> Are you the developer of OTR?

I am the lead of the project, and usually the lead developer.

How are you involved with Goldbug?  Can you produce better
documentation for it and its underlying protocols?

Thanks,

   - Ian



More information about the OTR-dev mailing list