[OTR-dev] SESS_DIR_LOW vs SESS_DIR_HIGH?
Evan Schoenberg
evan.s at dreskin.net
Tue Jan 25 18:01:43 EST 2005
On Jan 25, 2005, at 4:49 PM, Ian Goldberg wrote:
> On Tue, Jan 25, 2005 at 01:48:54PM -0600, Evan Schoenberg wrote:
>> What do SESS_DIR_LOW and SESS_DIR_HIGH mean? I see that one is
>> bolded and one is not... is one your Secure ID and the other the
>> remote one?
>
> The secure session id is shared between the two of you. One half is
> bold; the intent is that if you choose to verify the session id by some
> out-of-band means (phone, or whatever), you each read your bold part to
> the other guy.
>
Ah, I see. If I'm putting it somewhere in plain (unformatted) text,
what do you think would be a good label for each part, then? Right now
I have whichever one would be bold in gaim-otr being labeled the
"incoming" secure ID, and the other the "outgoing."
> gaim-otr's README says:
> If they're both correct, you're assured that there's no one
> intercepting your private conversation. This is secure, even if you
> know that one or both of your private keys have been compromised.
>
Damnit, read the README and forgot that part. I hate asking questions
which are already answered :)
How is it that this is secure even if one or both private keys are
compromised?
-Evan