[OTR-dev] Are the security issues outlined in the 2005 Raimondo paper fixed?
Kjell Braden
afflux at pentabarf.de
Sun Nov 10 04:16:54 EST 2013
On 10.11.2013 01:46, Greg wrote:
> My sincere apologies if this has already been answered somewhere.
>
> The relevant paper can be found at this link, and elsewhere:
>
> http://www.dmi.unict.it/diraimondo/web/wp-content/uploads/papers/otr.pdf
>
> Are the issues this paper brought up still relevant in today's "Off-the-Record Messaging Protocol version 3"?
>
> Many thanks for your help,
>
> Greg
Hi Greg,
the paper appears to apply to a signed DH key exchange as it was used
in OTRv1. It was replaced by a SIGMA AKE (which given as an alternative
in the paper) in OTRv2, so my understanding is that this issue is fixed.
Cheers
--
Kjell
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 293 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cypherpunks.ca/pipermail/otr-dev/attachments/20131110/e18bb98b/attachment.pgp>
More information about the OTR-dev
mailing list