[OTR-dev] Multiple accounts
Hans-Christoph Steiner
hans at guardianproject.info
Mon Jul 1 11:12:53 EDT 2013
I'm not an OTR dev, but I spend a lot of time thinking about these issues
since I'm working on OTR key syncing. I think the reason you outlined, not
automatically cryptographically linking accounts is a good one. I think it
makes sense to generate a key per account by default to leak as little info as
possible. Then focus on making the key verification process as easy as
possible, and its win/win. SMP questions are step in that direction, but I
still think they are too hard to be generally useful.
You might be interested in our project OTR File Converter, which aims to
parse/write all the common OTR file formats, and also sync all of the info
between them. Right now, we support Adium, Pidgin, Gibberbot, and Jitsi. The
GUI is a big rough but in the next couple weeks, we are planning a new release
for Mac OS X, Windows, and GNU/Linux.
https://github.com/guardianproject/otrfileconverter
.hc
On 06/30/2013 06:51 PM, Kurt Roeckx wrote:
> Hi,
>
> It seems all the client I've look at generate a key per account
> that I have. Is this intentional? Why?
>
> I would expect that if I talk to what I believe is the same
> person, even if it's an other protocol that I'm using to talk,
> that that person would use the same key and that I didn't have
> to authenticate the person anymore. The same of course works
> in both ways. If the same key is used, I can actually be sure
> that I'm talking to the same person.
>
> The only good reason I can see to have a different key is that
> you don't want people to know that it's the same person.
>
> A related issue seems to be that none of the clients I've
> used seem to have a way to import or export keys. They all seem
> to be using their own way to store things, and don't even seem
> to have an option to protect it with a password.
>
> So it basicly means if I have 2 applications or 2 devices,
> I even and up with 2 keys for the same protocols, which to me
> makes little sense.
>
>
> Kurt
>
> _______________________________________________
> OTR-dev mailing list
> OTR-dev at lists.cypherpunks.ca
> http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
>
More information about the OTR-dev
mailing list