[OTR-dev] a single secret key for all accounts?

Hans-Christoph Steiner hans at guardianproject.info
Fri Nov 1 14:54:03 EDT 2013



On 11/01/2013 11:06 AM, Tom Ritter wrote:
> On Nov 1, 2013 5:54 AM, "Ximin Luo" <infinity0 at gmx.com> wrote:
>> If two accounts use the same key, it's clear they are the same person. Can you
>> think of a situation where this might not be desirable?
> 
> Any situation where people do not want to disclose those accounts are
> the same person?  It's certainly necessary to _retain_ that option.
> (Whether it be in the same UI, or in some type of 'Persona' UI where
> the entire application switches over and there's no chance of
> confusing things.)
> 
> I agree the situation is annoying now[0], but it does default to
> 'safe'.  Instead of necessarily defaulting to 'unsafe'[1], maybe the
> answer is "Make it way, way easier in applications to do the common
> but potentially unsafe thing?"
> 
> Caveat: I do not work in the field with actual users, Nathan does.
> 
> -tom
> 
> [0] See my workaround: http://ritter.vg/misc/stuff/otr.txt
> [1] For a particular definition of safe, admittedly

So yes, that would be a problem.  So this could be presented to the user as a
choice during the initial keysync.  Something like "Link these identities
together?" then list the identities for the user to select which to link, and
which to leave with its own key.

.hc

-- 
PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81


