[OTR-dev] a single secret key for all accounts?

Tom Ritter tom at ritter.vg
Fri Nov 1 11:06:12 EDT 2013


On Nov 1, 2013 5:54 AM, "Ximin Luo" <infinity0 at gmx.com> wrote:
> If two accounts use the same key, it's clear they are the same person. Can you
> think of a situation where this might not be desirable?

Any situation where people do not want to disclose those accounts are
the same person?  It's certainly necessarily to _retain_ that option.
(Whether it be in the same UI, or in some type of 'Persona' UI where
the entire application switches over and there's no chance of
confusing things.)

I agree the situation is annoying now[0], but it does default to
'safe'.  Instead of necessarily defaulting to 'unsafe'[1], maybe the
answer is "Make it way, way easier in applications to do the common
but potentially unsafe thing?"

Caveat: I do not work in the field with actual users, Nathan does.

-tom

[0] See my workaround: http://ritter.vg/misc/stuff/otr.txt
[1] For a particular definition of safe, admittedly



More information about the OTR-dev mailing list