[OTR-dev] Allow OTR to use one of my OpenPGP sub/keys?
cypherpunks.boxy at xoxy.net
cypherpunks.boxy at xoxy.net
Thu Nov 7 09:53:39 EST 2013
>> cypherpunks.boxy at xoxy.net wrote:
>> Any thoughts on allowing OTR to grab a key from an OpenPGP cert?
> Ximin Luo <infinity0 at gmx.com> wrote:
> See this discussion[1] and subsequent messages.
Thanks, very interesting...
> TL;DR version is yes you can do it, and some of us want to do it. The
> least problematic workflow that is most compatible with existing
> workflows is:
> - have a tool, e.g. some extension to monkeysphere, that creates an
> Authentication-use subkey with the critical notation that says
> something like "for OTR use only"
Why would it have to be only for OTR use? In Pidgin, there is also a
GPG plugin. Why couldn't we use the same key for that, in case we're
comfortable with receiving an asynchronous communication?
> [...]
> - have yet another tool that scans your otr application for collected
> public keys, and tries to verify their validity against your PGP trust
> database, optionally downloading missing keys from keyservers.
I wonder if this way, things might get a bit too fragmented? Perhaps a
key management interface to the chat client, which any encryption plugin
might use? (See my other post in this thread:
http://lists.cypherpunks.ca/pipermail/otr-dev/2013-November/001990.html.)
> X
More information about the OTR-dev
mailing list