[OTR-dev] Thinking about mpOTR and secure multiparty chat protocols in general

George Kadianakis desnacked at riseup.net
Mon Mar 11 11:43:17 EDT 2013

Louis Granboulan <louis.r.granboulan at gmail.com> writes:

> Hello,
> George Kadianakis wrote:
>> this is a post about mpOTR and secure multiparty chat protocols in
>> general. I'm very interested in the secure multiparty chat problem,
>> and I _really_ want to see it moving forward.
> Did you look at the work at
> https://crypto.di.ens.fr/projects:pampa:main
> and the software at
> https://bitbucket.org/pampa/pake-im
> ?

Thanks for pointing me to these projects. They also reminded me of an
issue I forgot to touch in my original post: authentication.

The mpOTR paper touches authentication in section 2.2. It assumes that
pubkeys for each participant were pre-shared out-of-band (which
probably leads to a fingerprint verification step) , but it doesn't
really examine a password-based authentication solution (which is
quite useful in some use cases). The mpOTR paper mentions that the
SMP-based authentication of OTR is only suitable for pairwise
authentication, but it doesn't mention a similar scheme that would be
useful in group environments. The papers that Louis mentioned in
https://crypto.di.ens.fr/projects:pampa:main could be useful in group

Another interesting authentication case is what happens if the
authentication fails only for some participants of the
conversation. Do they leave the chat? If they do so, do they also warn
the other participants that something sketchy is happening, or is it
every man for himself? The mpOTR paper briefly explores this issue in
the final paragraph of section 2.2.

(Louis' post did not get published to otr-dev for some reason. Maybe
he is not subscribed.)

More information about the OTR-dev mailing list