[OTR-dev] Flaw in OTR Protocol (with workaround!)

Ian Goldberg ian at cypherpunks.ca
Wed Aug 3 14:44:45 EDT 2005

On Tue, Jul 26, 2005 at 08:39:01AM -0400, Greg Troxel wrote:
> I'd like an OTR implementation to be able to send a computer-readable,
> authenticated "delete SA" message to the other side, for example when
> exiting a client.

It was a design decision very early on that there be no way for a client
to drop from "private" to "not private" except if the user explicitly
requests it.  Imagine you were typing some long private message to your
buddy, and just before you push "Enter", your client receives this
"delete SA" message.  We do *not* want your private message to be sent

> I would like to be able to sign OTR public keys (not session keys, but
> the signing keys) in openpgp format, and to be able to send openpgp
> keys to peers, kind of like x509 certs in IKE, so that I can leverage
> the PGP WoT to authenticate OTR signing keys.  Checking one signing
> key for someone is far more reasonable than checking 6 OTR keys for my
> friend's 6 computers, and thus far more likely to happen.

You of course *can* sign OTR public keys in openpgp format:


The OTR fingerprint for otr4ian on AIM is
C5D70FB3 135CB595 F2F31E01 88884CEF BDD73BD9

The OTR fingerprint for otr4ian at jabber.org on Jabber is
30216646 4D6CDA2A 9DBBB761 8E91679C 0345858C

Version: PGP 6.5.8


Your buddy should put something like that on his web page.

That being said, some future version is likely to support various
"in-band" verification mechanisms, including preshared secrets.

   - Ian
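As an added illustration of the verification step the reply describes (checking the fingerprint your client shows against the one your buddy published in an OpenPGP-signed statement), here is a small Python helper. It is not part of the original message or of any OTR implementation; it parses statements in the same "The OTR fingerprint for ACCOUNT on NETWORK is" layout shown above and compares a fingerprint observed in a client session against the published one. The sample statement below is constructed from the fingerprints in the mail, and the OpenPGP signature armour is assumed to have been checked separately (for example with `gpg --verify`) before the body is trusted.

```python
import re
from hmac import compare_digest

# Constructed sample: the body of a signed statement in the layout the mail
# shows. The PGP signature armour is deliberately omitted; verifying it is a
# prerequisite that this helper does not perform.
SIGNED_STATEMENT = """\
The OTR fingerprint for otr4ian on AIM is
C5D70FB3 135CB595 F2F31E01 88884CEF BDD73BD9

The OTR fingerprint for otr4ian at jabber.org on Jabber is
30216646 4D6CDA2A 9DBBB761 8E91679C 0345858C
"""

# One header line per published key: account name, then the network it is on.
_HEADER = re.compile(r"^The OTR fingerprint for (?P<account>.+?) on (?P<network>\S+) is$")
# An OTR fingerprint is 160 bits, written as five groups of eight hex digits.
_FINGERPRINT = re.compile(r"^(?:[0-9A-Fa-f]{8}\s*){5}$")


def normalize(fingerprint):
    """Strip whitespace and upper-case so display differences do not matter."""
    return re.sub(r"\s+", "", fingerprint).upper()


def parse_statement(text):
    """Return {(account, network): fingerprint} for every well-formed entry."""
    entries = {}
    lines = [line.strip() for line in text.splitlines()]
    i = 0
    while i < len(lines):
        m = _HEADER.match(lines[i])
        if m and i + 1 < len(lines) and _FINGERPRINT.match(lines[i + 1]):
            entries[(m["account"], m["network"])] = normalize(lines[i + 1])
            i += 2
        else:
            i += 1  # blank line or unrecognised text: skip it
    return entries


def fingerprint_matches(published, account, network, observed):
    """True only if the observed fingerprint equals the published one for
    exactly this account/network pair. Unknown pairs and malformed input
    are rejected rather than guessed at."""
    expected = published.get((account, network))
    if expected is None:
        return False
    observed = normalize(observed)
    if not _FINGERPRINT.match(observed):
        return False
    return compare_digest(expected, observed)


if __name__ == "__main__":
    published = parse_statement(SIGNED_STATEMENT)
    shown_by_client = "c5d70fb3 135cb595 f2f31e01 88884cef bdd73bd9"
    print(fingerprint_matches(published, "otr4ian", "AIM", shown_by_client))
```

The lookup is keyed on both account and network on purpose: a fingerprint published for one account must not be accepted as proof for a different one, and a fingerprint the statement does not cover yields a refusal rather than a silent pass.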
