[OTR-dev] Allow OTR to use one of my OpenPGP sub/keys?
Ximin Luo
infinity0 at gmx.com
Wed Nov 6 07:37:48 EST 2013
On 06/11/13 12:31, Ximin Luo wrote:
> On 06/11/13 12:22, cypherpunks.boxy at xoxy.net wrote:
>>
>> Any thoughts on allowing OTR to grab a key from an OpenPGP cert?
>>
>> It might restrict the keys it grabs to those with a uid matching the
>> account.
>>
>> That would allow us to manage our own keys, instead of generating scads
>> of new ones; and it would allow OTR to be leveraged by the WoT.
>>
>> /DA
>>
>> (Not a dev here. Forgive me if the question's been asked.)
>>
>
> See this discussion[1] and subsequent messages.
>
> TL;DR version is yes you can do it, and some of us want to do it. The least
> problematic workflow that is most compatible with existing workflows is:
>
> - have a tool, e.g. some extension to monkeysphere, that creates an
> Authentication-use subkey with the critical notation that says something like
> "for OTR use only"
> - have another (or the same) tool to convert this PGP subkey into an OTR
> subkey, and install it in the right place.
>
I should add a third component too:
- have yet another tool that scans your OTR application for collected public
keys, and tries to verify their validity against your PGP trust database,
optionally downloading missing keys from keyservers.
(monkeysphere has analogues of all these already, but for SSH keys).

> There also needs to be some research on which specific cipher algorithms we
> can/can't use, because PGP/OTR uses different ones IIRC.
>
> X
>
> [1] http://lists.cypherpunks.ca/pipermail/otr-users/2013-June/002211.html
>
--
GPG: 4096R/1318EFAC5FBBDBCE
git://github.com/infinity0/pubkeys.git
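
The third component described in the message above, as an added example that is not part of the original message or of any OTR or monkeysphere code. It assumes the tab-separated layout of a libotr fingerprint store, DSA keys fingerprinted as in the OTR protocol spec, and a `pgp_valid` map already produced by a PGP trust-database lookup; all function and variable names are hypothetical.

```python
import hashlib

def mpi(n):
    """OTR MPI: 4-byte big-endian length, then the value without leading zeros."""
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(body).to_bytes(4, "big") + body

def otr_fingerprint(p, q, g, y):
    """SHA-1 over the DSA public key as MPIs p, q, g, y. The OTR spec omits
    the 0x0000 key-type prefix from the hashed data for DSA keys."""
    return hashlib.sha1(mpi(p) + mpi(q) + mpi(g) + mpi(y)).hexdigest()

def parse_store(text):
    """Assumed layout (libotr fingerprint store), one tab-separated line per
    key: peer, local account, protocol, 40-hex fingerprint, OTR trust note."""
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) < 4 or len(fields[3]) != 40:
            continue  # ignore malformed entries rather than guessing
        yield fields[0], fields[3].lower()

def check_store(text, pgp_valid):
    """pgp_valid maps a peer to the OTR fingerprints of subkeys that the PGP
    trust database already accepts for that uid (lookup assumed done elsewhere)."""
    report = {}
    for peer, fpr in parse_store(text):
        known = pgp_valid.get(peer)
        if known is None:
            report[(peer, fpr)] = "no-pgp-key"   # candidate for keyserver fetch
        elif fpr in known:
            report[(peer, fpr)] = "pgp-valid"
        else:
            report[(peer, fpr)] = "mismatch"     # stored key is not the certified one
    return report

# Constructed sample data: toy DSA numbers, not real keys.
ALICE = otr_fingerprint(23, 11, 4, 9)
BOB_CERTIFIED = otr_fingerprint(23, 11, 4, 3)
SAMPLE_STORE = "\n".join([
    f"alice@example.org\tme@example.org\tprpl-jabber\t{ALICE}\tverified",
    "bob@example.org\tme@example.org\tprpl-jabber\t" + "ab" * 20 + "\t",
    "carol@example.org\tme@example.org\tprpl-jabber\t" + "cd" * 20 + "\t",
])
PGP_VALID = {"alice@example.org": {ALICE}, "bob@example.org": {BOB_CERTIFIED}}

if __name__ == "__main__":
    for (peer, fpr), status in check_store(SAMPLE_STORE, PGP_VALID).items():
        print(f"{status:11} {peer} {fpr}")
```

A `mismatch` entry is the case to review by hand: the key collected by the OTR application is not one the PGP trust database certifies for that peer.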