[OTR-dev] RSA signatures again
Ian Goldberg
ian at cypherpunks.ca
Sat Aug 24 10:41:42 EDT 2013
On Fri, Aug 23, 2013 at 11:11:27PM +0200, Jurre van Bergen wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 08/23/2013 10:54 PM, Paul Wouters wrote:
> > On Thu, 15 Aug 2013, Timo Sirainen wrote:
> >
> > Ian, what's your take on this? Should we support it?
> >
> > If so, I'd like to add the keytype number for RSA in the upcoming OTR
> > draft.
> >
> > Paul
> >
> >> Date: Thu, 15 Aug 2013 15:42:50
> >> From: Timo Sirainen <tss at iki.fi>
> >> To: otr-dev at lists.cypherpunks.ca
> >> Subject: Re: [OTR-dev] RSA signatures again
> >>
> >> On 15.8.2013, at 19.00, Timo Sirainen <tss at iki.fi> wrote:
> >>
> >>> I was planning to use libotr for a project where I'd need both
> "normal" asymmetric encryption (RSA probably) and OTR-like encryption.
> The problem is that I was hoping to use a single public key for both
> uses, but OTR uses only DSA and I can't do encryption with it. My next
> thought was to modify libotr to support RSA signatures as well, but
> since I'm not really a crypto expert I thought I'd ask here first if
> that's even a good idea? Would it be as simple as changing the
> DSA-specific code to RSA or are there some deeper problems to solve as well?
> >>
> >> At least it seems to work..
Wait: you're trying to use the same key for signing messages in OTR and
for decrypting messages in another protocol? This is an *extremely* bad
idea cryptographically. Or do I misunderstand?
> Allow me to hijack this thread a bit.. what happened to the idea of
> swapping out DSA for ECC? Wouldn't it make more sense to include ECC and
> not RSA? Especially with the look at the future?
I'm more willing to discuss some variant of ECDSA (Ed25519?). But one
of my big concerns is support in the variety of languages for which
there already exist libotr implementations.
- Ian
More information about the OTR-dev
mailing list