[OTR-dev] OTR, keyservers, MITM, etc.
Greg Troxel
gdt at ir.bbn.com
Thu Aug 6 08:26:11 EDT 2009
chris-tuchs at hushmail.com writes:
> I would like to start a discussion of using OTR in conjunction with
> some form of keyservers and/or automatic detection of MITM. I have
> a particular protocol to discuss, but am interested in related
> ideas.
> Is this a good list to use, or can you suggest a better one?
I have long thought that the right thing is to use openpgp-format keys
for OTR, with the notion that someone would have an OTR signature key
and sign that with their real openpgp key. Then once authentication is
done for pgp it will work for OTR (or if the reason is OTR, you'll get
PGP out of it).
I suppose one could also have integration with S/MIME certs, but in my
experience (outside of US government use) those tend to be certs from
PKI certificate sellers that I can't figure out why I should believe.
So I wouldn't argue against s/mime, but I wouldn't bother either.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 193 bytes
Desc: not available
URL: <http://lists.cypherpunks.ca/pipermail/otr-dev/attachments/20090806/cc6021fa/attachment.pgp>
More information about the OTR-dev
mailing list