[OTR-dev] Flaw in OTR Protocol (with workaround!)
Alex
alex323 at gmail.com
Wed Aug 3 20:36:46 EDT 2005
>>I would like to be able to sign OTR public keys (not session keys, but
>>the signing keys) in openpgp format, and to be able to send openpgp
>>keys to peers, kind of like x509 certs in IKE, so that I can leverage
>>the PGP WoT to authenticate OTR signing keys. Checking one signing
>>key for someone is far more reasonable than checking 6 OTR keys for my
>>friend's 6 computers, and thus far more likely to happen.
>
>
>You of course *can* sign OTR public keys in openpgp format:
>
Ian Goldberg wrote:
> The OTR fingerprint for otr4ian on AIM is
> C5D70FB3 135CB595 F2F31E01 88884CEF BDD73BD9
>
> The OTR fingerprint for otr4ian at jabber.org on Jabber is
> 30216646 4D6CDA2A 9DBBB761 8E91679C 0345858C
>
You just gave me a great idea for my C# implementation of OTR :)
I will try to feature something like that.
- Alex
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 827 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cypherpunks.ca/pipermail/otr-dev/attachments/20050803/dc857bf6/attachment.pgp>
More information about the OTR-dev
mailing list