[OTR-dev] OTR using PAKE and for group chat

Louis Granboulan louis.granboulan.developer at gmail.com
Thu Feb 18 12:42:33 EST 2010


Dear all,

I would like to add to an instant messenging framework an end-to-end
password-based security layer. Therefore, instead of relying on a accepting
a public key like OTR, the authentication would rely on a shared password
(cf. http://en.wikipedia.org/wiki/Password-authenticated_key_agreement )
It appears that instead of re-doing everything from scratch, a better way
might be to add this possibility to the already existing OTR framework.

However, this would imply some important changes to the OTR library, by
adding a non-OTR protocol, and I would like to know if these changes can go
mainstream when the implementation would be stable.
Moreover, I would like to extend the PAKE security to group PAKE if the
encryption is started within a multi-user group chat. I did not see any
discussion on how to interface the OTR library with group chat.

Thank you,
Louis
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cypherpunks.ca/pipermail/otr-dev/attachments/20100218/d3db1ccb/attachment.html>


More information about the OTR-dev mailing list