[OTR-dev] OTR using PAKE and for group chat

Louis Granboulan louis.granboulan.developer at gmail.com
Wed Mar 10 10:02:09 EST 2010


Ian Goldberg answers:

> OTR already has a mechanism for authenticating with a shared secret.
> See http://www.cypherpunks.ca/otr/Protocol-v2-3.1.0.html (the current
> version).  It's the "Socialist Millionaires' Protocol" (SMP).
>

OK. I did not look at the latest version of OTR.

> Can you describe the advantages of your proposal over that?

I am not sure that there is a true advantage in practice, but for example
EKE is less computationally intensive than OTR+SMP. Not using long-term
public keys has some advantages in terms of efficiency.


> As for group chat, it's work in progress.  We had a paper a few months
> ago in ACM CCS describing a protocol for it, but quite a bit more work
> still needs to be done.
>

I guess that you refer to http://www.cs.uwaterloo.ca/~iang/pubs/mpotr.pdf
I would not be as strict on the authentication as you appear to be.
For group chat, I would not require one-to-one authentication, but simply
that every participant has proved that he knows the shared password. It
would be the digital world version of a meeting of a secret society, where
one has to prove membership, but not identity.

-- 
Louis