[OTR-dev] Thinking about mpOTR and secure multiparty chat protocols in general
Ileana
ileana at fairieunderground.info
Fri Feb 22 13:29:03 EST 2013
On Fri, 22 Feb 2013 11:00:59 +0000
Michael Rogers <michael at briarproject.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 21/02/13 18:30, George Kadianakis wrote:
> > * Is the shutdown phase of OTR the only place where transcript
> > soundness is guaranteed? By 'transcript soundness', I mean the
> > guarantee that all participants see the exact same transcript.
> > What happens, if an 3vil server drops packets in the middle of the
> > conversation? Do participants learn this only in the end of the
> > conversation?
>
> A related threat: can a chat participant send different messages to
> different participants, without this being detected until the
> transcripts are compared? For example:
>
> Alice -> Everyone: Let's make plans for Friday
> Bob -> Alice: Who wants to get ice cream?
> Bob -> Carol: Who want to shoot the president?
> Alice -> Everyone: Ooh, me me me!
This particular threat can be mitigated by sending encrypted signed
hashes of received messages back to every party. Is there already a
temporary signing key that is used, or is the mac key sufficient?
A party receiving different hashes at each point would prompt a message
to the user that party x is sending false messages.
Assumes messages are sequence numbered.
Users A, B, C, D
A -> msg to B, C
A -> diff message to D
B,C, D -> send signed hash to A, B, C, D
A, B, C, D compare results with recieved/sent text
A-> detects different hash for D, resends message to D
B, C -> detect different message, sends "resend message" to A, D.
A -> resends message to B, C
D-> resends hash to B, C
(if hash matches new message)
B, C -> sends hash to A, B, C, D
(if hash is different)
B, C -> sends authentication error to all parties, system warns user
of A
Kind of complicated, and a lot of network traffic.
More information about the OTR-dev
mailing list