[OTR-dev] Multiple accounts

[Hans-Christoph Steiner]

On 07/02/2013 10:12 AM, Greg Troxel wrote:
> 
> Howard Chu <hyc at symas.com> writes:
> 
>> Jonas Wielicki wrote:
>>> Adding complications such as key sync, key management, revocation etc.
>>> is not what I consider useful for the general case.
>>
>> Indeed, it completely misses the point. OTR provides repudiable
>> communication. Unifying all your keys would weaken or destroy that
>> property.
> 
> Not true - OTR's signing key to authenticate a session is similar to
> OpenPGP.  The difference is that session keys are authenticated, not
> messsage content, and repudiability (word?) is achieved by using
> symmetric MACs and disclosiing them.   So strengthening the
> authentication key into a real PKI  of some sort would not break the
> repudiability property.
> 
> I'd like to see a way to:
> 
>   1) sign an OTR signing key with an OpenPGP key
> 
>   2) use OpenPGP to verify a peer's OTR signing key
> 
>   3) (perhaps) send the signature from 1 via OTR
> 
> with all of this (at least 1 and 3) being optional, with no change to
> behavior if not done.
> 
> Checking keys is hard, and sharing that work among multiple channels
> seems like a win.

This is what projects like monkeysphere and our PSST project are working
towards.  Our current idea is to try to make the PGP offline master key model
as easy as possible.  Then use subkeys for daily use in OTR, PGP, SSH, etc.
The signing happens for the master key, but since the subkeys are the only
ones in daily use, it is much easier to revoke them if they get compromised,
and then generate new subkey that maintain the existing trust relationships.

One idea to explore is using the gpg-agent as the keyring for all this.  Its
already widely ported and deployed, and well tested.

.hc