[OTR-dev] Thinking about mpOTR and secure multiparty chat protocols in general

Jacob Appelbaum jacob at appelbaum.net
Fri Feb 22 17:19:03 EST 2013


Michael Rogers:
> On 21/02/13 18:30, George Kadianakis wrote:
>> * Is the shutdown phase of OTR the only place where transcript 
>> soundness is guaranteed? By 'transcript soundness', I mean the 
>> guarantee that all participants see the exact same transcript.
>> What happens, if an 3vil server drops packets in the middle of the 
>> conversation? Do participants learn this only in the end of the 
>> conversation?
> 
> A related threat: can a chat participant send different messages to
> different participants, without this being detected until the
> transcripts are compared? For example:
> 
> Alice -> Everyone: Let's make plans for Friday
> Bob -> Alice: Who wants to get ice cream?
> Bob -> Carol: Who wants to shoot the president?
> Alice -> Everyone: Ooh, me me me!
> 
> If an attacker forces the transcript comparison to fail (e.g. by
> knocking the server offline before the comparison is complete), how
> should the client communicate the failure to the user? I'm not sure
> whether someone who's just taken part in a long multi-way conversation
> will be able to make much use of a warning that says "What you just
> saw may not be what everyone else saw."
> 

This is possible with some multi-party chat systems today. I've pointed
it out to the relevant developers, some a few years ago - few actually
solved the problem in a strong way, if at all.

All the best,
Jacob
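
One way participants could notice the fork in the quoted example before the end of the conversation, as an added example that is not part of this thread and is not mpOTR's own mechanism: each message carries the sender's running hash of the transcript so far. It assumes messages are already authenticated and arrive in one agreed order; all function names are hypothetical.

```python
import hashlib

GENESIS = b"\x00" * 32  # assumed starting value shared by all participants


def extend(prev, sender, text):
    """Fold one (sender, text) message into the running transcript digest."""
    h = hashlib.sha256(prev)
    for field in (sender, text):
        data = field.encode("utf-8")
        h.update(len(data).to_bytes(4, "big"))  # length prefix keeps fields unambiguous
        h.update(data)
    return h.digest()


def running_digest(view):
    """Digest of everything one participant has seen so far."""
    d = GENESIS
    for sender, text in view:
        d = extend(d, sender, text)
    return d


def accept(my_view, sender, text, claimed_prior):
    """Append a message only if the sender's digest of the prior transcript equals ours."""
    if claimed_prior != running_digest(my_view):
        return False  # the sender saw a different history than we did
    my_view.append((sender, text))
    return True


def simulate():
    """Replay the quoted conversation (constructed input) from Carol's side."""
    alice, carol = [], []
    m0 = ("Alice", "Let's make plans for Friday")
    ok0 = accept(carol, *m0, running_digest(alice))
    alice.append(m0)
    # Bob equivocates; his digest of the prior transcript is honest, so both accept.
    bob_prior = running_digest([m0])
    alice.append(("Bob", "Who wants to get ice cream?"))
    ok1 = accept(carol, "Bob", "Who wants to shoot the president?", bob_prior)
    # Alice's next message commits to her view, which no longer matches Carol's.
    m2 = ("Alice", "Ooh, me me me!")
    ok2 = accept(carol, *m2, running_digest(alice))
    return [ok0, ok1, ok2]


if __name__ == "__main__":
    print(simulate())
```

Carol cannot tell from the mismatch alone whether Bob or Alice is at fault, only that her view and Alice's have diverged, and detection waits until an honest participant next speaks.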


