[OTR-dev] Multiple accounts
gdt at ir.bbn.com
Tue Jul 2 10:12:10 EDT 2013
Howard Chu <hyc at symas.com> writes:
> Jonas Wielicki wrote:
>> Adding complications such as key sync, key management, revocation etc.
>> is not what I consider useful for the general case.
> Indeed, it completely misses the point. OTR provides repudiable
> communication. Unifying all your keys would weaken or destroy that
Not true - OTR's signing key to authenticate a session is similar to
OpenPGP. The difference is that session keys are authenticated, not
message content, and repudiability (word?) is achieved by using
symmetric MACs and disclosing them. So strengthening the
authentication key into a real PKI of some sort would not break the
I'd like to see a way to:
1) sign an OTR signing key with an OpenPGP key
2) use OpenPGP to verify a peer's OTR signing key
3) (perhaps) send the signature from 1 via OTR
with all of this (at least 1 and 3) being optional, with no change to
behavior if not done.
Checking keys is hard, and sharing that work among multiple channels
seems like a win.
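
The mechanism the reply refers to (messages authenticated with a symmetric MAC whose key is later disclosed), as an added example that is not part of the original message or of any OTR implementation. It is a simplified model: the `Session` class, the SHA-256 key derivation and the sample secrets are assumptions made for illustration, and the signed key exchange that establishes the shared secret is taken as already done.

```python
import hashlib
import hmac

def derive_mac_key(shared_secret: bytes) -> bytes:
    # Assumption: SHA-256 with a label; real OTR uses its own key derivation.
    return hashlib.sha256(b"mac-key|" + shared_secret).digest()

def mac(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()

def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac(key, message), tag)

class Session:
    """One side of a conversation whose key exchange was already authenticated."""
    def __init__(self, shared_secret: bytes):
        self.mac_key = derive_mac_key(shared_secret)

    def send(self, message: bytes):
        return message, mac(self.mac_key, message)

    def rekey(self, new_secret: bytes) -> bytes:
        """Switch to a new MAC key and return the old one for disclosure."""
        old, self.mac_key = self.mac_key, derive_mac_key(new_secret)
        return old

def demo() -> dict:
    s1 = hashlib.sha256(b"constructed secret 1").digest()  # constructed sample values
    s2 = hashlib.sha256(b"constructed secret 2").digest()
    alice, bob = Session(s1), Session(s1)
    msg, tag = alice.send(b"meet at noon")
    result = {"accepted_live": verify(bob.mac_key, msg, tag)}
    # Symmetric MAC: Bob could have produced the identical tag himself.
    result["peer_can_produce_tag"] = mac(bob.mac_key, msg) == tag
    disclosed = alice.rekey(s2)
    bob.rekey(s2)
    # With the disclosed key, any third party can tag text nobody sent.
    forged = b"meet at midnight"
    forged_tag = mac(disclosed, forged)
    result["forgery_valid_under_old_key"] = verify(disclosed, forged, forged_tag)
    # The live session has moved on, so the forgery is useless against Bob.
    result["forgery_accepted_live"] = verify(bob.mac_key, forged, forged_tag)
    return result

if __name__ == "__main__":
    print(demo())
```

Nothing in this model depends on how the long-term key that authenticated the key exchange was itself verified, which is the separation the reply relies on.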