[OTR-dev] otr dh key encryption
Ileana
ileana at fairieunderground.info
Tue Feb 19 13:58:34 EST 2013
On Tue, 19 Feb 2013 11:36:36 +0100
Kjell Braden <kb at pentabarf.de> wrote:
>
> Also, you confuse two different concepts of authentication:
> Every OTR session uses cryptographic authentication. If you
> previously marked a key as trusted (ie. you know it belongs to the
> reported owner), OTR will flag it as trusted again if you come back
> later to the same DSA key.
Another note on this: doesn't this destroy your "plausible
deniability"? If there is some DSA key stored on my computer, that I
keep showing to everyone I chat with, and is recoverable if my computer
is seized...what is deniable about that?
Until someone can explain that to me, I prefer to generate new keys for
each communication session.
> Claiming that torchat had automatic authentication while OTR used
> manual authentication is misleading, because the same manual
> authentication appears in torchat by exchanging the hidden service
> address (see Gregory's post).
>
More information about the OTR-dev
mailing list