[OTR-dev] Thinking about mpOTR and secure multiparty chat protocols in general

Michael Rogers michael at briarproject.org
Fri Feb 22 06:00:59 EST 2013


On 21/02/13 18:30, George Kadianakis wrote:
> * Is the shutdown phase of OTR the only place where transcript 
> soundness is guaranteed? By 'transcript soundness', I mean the 
> guarantee that all participants see the exact same transcript.
> What happens if an 3vil server drops packets in the middle of the 
> conversation? Do participants learn this only at the end of the 
> conversation?

A related threat: can a chat participant send different messages to
different participants, without this being detected until the
transcripts are compared? For example:

Alice -> Everyone: Let's make plans for Friday
Bob -> Alice: Who wants to get ice cream?
Bob -> Carol: Who wants to shoot the president?
Alice -> Everyone: Ooh, me me me!

If an attacker forces the transcript comparison to fail (e.g. by
knocking the server offline before the comparison is complete), how
should the client communicate the failure to the user? I'm not sure
whether someone who's just taken part in a long multi-way conversation
will be able to make much use of a warning that says "What you just
saw may not be what everyone else saw."

Cheers,
Michael
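
A simplified model of the scenario in the message above, as an added example that is not part of the original post and is not mpOTR's actual comparison protocol: each participant hashes the transcript they saw and the digests are compared. The function names, the hash-chain encoding, the three result states and the constructed delivery log are assumptions made for illustration.

```python
import hashlib

# Constructed delivery log modelled on the example in the message:
# (sender, recipients, text). Bob sends different text to Alice and Carol.
EVERYONE = ("Alice", "Bob", "Carol")
DELIVERIES = [
    ("Alice", EVERYONE, "Let's make plans for Friday"),
    ("Bob", ("Alice",), "Who wants to get ice cream?"),
    ("Bob", ("Carol",), "Who wants to shoot the president?"),
    ("Alice", EVERYONE, "Ooh, me me me!"),
]

def views(deliveries):
    """Build the transcript each participant actually saw, in delivery order."""
    seen = {name: [] for name in EVERYONE}
    for sender, recipients, text in deliveries:
        for name in set(recipients) | {sender}:
            seen[name].append((sender, text))
    return seen

def digest(transcript):
    """Hash chain over (sender, text); fields are length-prefixed so that
    two different transcripts can never serialise to the same bytes."""
    h = b"\x00" * 32
    for sender, text in transcript:
        record = b"".join(len(f).to_bytes(4, "big") + f
                          for f in (sender.encode(), text.encode()))
        h = hashlib.sha256(h + record).digest()
    return h

def compare(seen, reported_by):
    """Compare digests from the participants whose report arrived.

    'diverged'   - at least two reports disagree
    'unverified' - no disagreement seen, but some reports are missing
                   (e.g. the server went offline mid-comparison)
    'consistent' - every participant reported and all digests match
    """
    digests = {digest(seen[name]) for name in reported_by}
    if len(digests) > 1:
        return "diverged"
    if set(reported_by) != set(seen):
        return "unverified"
    return "consistent"
```

With the constructed log, Alice's and Carol's digests differ, and a comparison in which only some reports arrive can never return `consistent`, which is the failure state the message asks how to present to the user.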



