[OTR-dev] making DATA_REQUEST and DATA_RESPONSE official TLVs (aka OTRDATA)

Hans-Christoph Steiner hans at guardianproject.info
Fri Dec 12 04:28:36 EST 2014

Hey all,

I'm starting the process of getting our "OTRDATA" TLV as part of the OTR
protocol officially.  We have it implemented in our version of otr4j as part
of ChatSecure (Android) and we use it as the basis for our rich messaging, so
voice messages, images, etc. are sent via OTRDATA.  Its been working for over
a year now, and I'm now integrating it into the standard otr4j for easy
adoption for any app based on otr4j (Jitsi, Xabber, Conversations, etc.).

We chose to implement data transfer in-band for a few reasons:

* for small data transfers (e.g. voice messages, small images, etc), the
messages would be indistinguishable from standard text messages to the network

* if an OTR session is established, then we are guaranteed a working,
bidirectional data transfer session, so many direct transfer methods fail
because of NAT

* other file transfer protocols for XMPP often negotiate a direct connection
between the two parties, which is a privacy leak

* OTRDATA works wherever there is OTR, so it'll work on top of many protocols
(XMPP, AIM, IRC, etc).

Here is the overview of the protocol:


PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81

More information about the OTR-dev mailing list