[OTR-dev] Last-minute change to libotr 4 API

Ian Goldberg ian at cypherpunks.ca
Sun Aug 26 13:17:55 EDT 2012


On Sun, Aug 26, 2012 at 09:48:56AM -0700, Howard Chu wrote:
> Ian Goldberg wrote:
> > On Sat, Aug 25, 2012 at 08:54:56PM -0700, Arlo Breault wrote:
> >> If it's only the first messages, you can start the conversation with
> >> heartbeat packets so that compromising them is meaningless.
> > 
> > Nice idea!  But then we'd have to *require* all OTR clients to implement
> > this.  Since not all OTR clients use libotr (there are a number of
> > compatible implementations now, though not yet of the new version of the
> > protocol), it seems bad to force them to change their behaviour because
> > of a wart in the API of libotr.
> 
> But is this really just an API implementation issue, or is it
> fundamental to the protocol? It seems to me that if you want to
> support this multiple endpoint scenario, you have this problem no
> matter what implementation you use.

I don't think it's fundamental to the protocol.  I wouldn't warrant that
every possible implementation of the OTR protocol version 3
automatically has a forward secrecy problem for the initial messages.
(For example, the proposed change to libotr would make it so that it
doesn't.)

   - Ian



More information about the OTR-dev mailing list