[OTR-dev] OTR, keyservers, MITM, etc.

Ian Goldberg ian at cypherpunks.ca
Sun Aug 9 18:27:27 EDT 2009


On Wed, Aug 05, 2009 at 09:50:41PM -0700, chris-tuchs at hushmail.com wrote:
> I would like to start a discussion of using OTR in conjunction with
> some form of keyservers and/or automatic detection of MITM.  I have
> a particular protocol to discuss, but am interested in related 
> ideas.
> Is this a good list to use, or can you suggest a better one?

This list is fine for that.

The "use GPG keys for OTR" suggestion comes up pretty regularly.  But
most GPG keys don't have your IM username and network in a canonical
format in them, so you'd have to manually associate the GPG key to the
IM buddy anyway.  Is that better than manually associating the OTR key?
Is it better than using the Authenticate Buddy mechanism?  Note that
keyservers don't help you much if at all here.

Or are you suggesting one of the timing-based MITM detection protocols?

   - Ian



More information about the OTR-dev mailing list