[OTR-dev] Multiple accounts

Hans-Christoph Steiner hans at guardianproject.info
Mon Jul 1 11:12:53 EDT 2013


I'm not an OTR dev, but I spend a lot of time thinking about these issues
since I'm working on OTR key syncing.  I think the reason you outlined, not
automatically cryptographically linking accounts is a good one.  I think it
makes sense to generate a key per account by default to leak as little info as
possible.  Then focus on making the key verification process as easy as
possible, and its win/win.  SMP questions are step in that direction, but I
still think they are too hard to be generally useful.

You might be interested in our project OTR File Converter, which aims to
parse/write all the common OTR file formats, and also sync all of the info
between them.  Right now, we support Adium, Pidgin, Gibberbot, and Jitsi.  The
GUI is a big rough but in the next couple weeks, we are planning a new release
for Mac OS X, Windows, and GNU/Linux.

https://github.com/guardianproject/otrfileconverter

.hc

On 06/30/2013 06:51 PM, Kurt Roeckx wrote:
> Hi,
> 
> It seems all the client I've look at generate a key per account
> that I have.  Is this intentional?  Why?
> 
> I would expect that if I talk to what I believe is the same
> person, even if it's an other protocol that I'm using to talk,
> that that person would use the same key and that I didn't have
> to authenticate the person anymore.  The same of course works
> in both ways.  If the same key is used, I can actually be sure
> that I'm talking to the same person.
> 
> The only good reason I can see to have a different key is that
> you don't want people to know that it's the same person.
> 
> A related issue seems to be that none of the clients I've
> used seem to have a way to import or export keys.  They all seem
> to be using their own way to store things, and don't even seem
> to have an option to protect it with a password.
> 
> So it basicly means if I have 2 applications or 2 devices,
> I even and up with 2 keys for the same protocols, which to me
> makes little sense.
> 
> 
> Kurt
> 
> _______________________________________________
> OTR-dev mailing list
> OTR-dev at lists.cypherpunks.ca
> http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
> 



More information about the OTR-dev mailing list