[OTR-dev] otr dh key encryption

Ileana ileana at fairieunderground.info
Tue Feb 19 13:58:34 EST 2013


On Tue, 19 Feb 2013 11:36:36 +0100
Kjell Braden <kb at pentabarf.de> wrote:

> 
>   Also, you confuse two different concepts of authentication:
>   Every OTR session uses cryptographic authentication. If you
> previously marked a key as trusted (ie. you know it belongs to the
> reported owner), OTR will flag it as trusted again if you come back
> later to the same DSA key.

Another note on this:  doesn't this destroy your "plausible
deniability"?  If there is some DSA key stored on my computer, that I
keep showing to everyone I chat with, and is recoverable if my computer
is seized...what is deniable about that?  

Until someone can explain that to me, I prefer to generate new keys for
each communication session.



>   Claiming that torchat had automatic authentication while OTR used 
> manual authentication is misleading, because the same manual 
> authentication appears in torchat by exchanging the hidden service 
> address (see Gregory's post).
> 




More information about the OTR-dev mailing list