[OTR-dev] open source mpOTR implementation

Guy K. Kloss gk at mega.co.nz
Fri Jan 10 01:31:38 EST 2014 

Hi all,

there has been quite a lot of talk about mpOTR in the last couple of
years, but it seems that there's no usable implementation available of
it, yet. At least none that I have been able to track down.

And ... please let's not discuss any issues of repudiation of encrypted
group chat protocols in this thread.

As far as it seems from the original mpOTR paper, there are also lots of
specifications that still need to be nailed down. A lot in this respect
has happened already with some draft notes collected through the
Cryptocat project.

We've also got a need for an mpOTR implementation, and we would really
like to build our infrastructure as far on standards as possible, and
avoid too much self knit solutions where it comes to communication
interactions. Therefore, I'm reaching out with this mail to gauge for
interest within the community, and see who would have an interest in
participating in an implementation of mpOTR. From what I've seen "out
there", the obvious parties are

* The Crypto.cat project
* The Guardian project
* Jacob Appelbaum
* Some researchers from Moscow State University
* ... and possibly others ...

Anyway, I'm really keen to hear from any of you guys, and to collaborate
on any level towards (A) a sane standard, and (B) usable implementations.

We're willing to commit with resources (time and development) towards
this. Our initial needs are for a JavaScript as well as a native code
implementation. And we would like to see the fruit of this effort to be
available as open source (maybe a reference implementation) with a
liberal enough license, so that it can be utilised by as many as possible.

Our initial brainstorming has (very briefly and roughly) resulted in a
sequence of development steps according to the following:

* make an mpENC implementation, picking up the basic concepts of the
  current Crypto.cat multi-party specification (but probably divert
  a bit further from JSON-only encoding towards having a binary format
  for individual transmitted messages, to be more compliant with the
  current OTR approach).

* improve mpENC (mpENCv2) by implementing some kind of group key
  agreement (e. g. Group Diffie-Hellman) to overcome the problem of
  multiple encrypted/authenticated messages towards a single, that's
  readable by the whole group.

* go through various steps implementing further details of mpOTR
  (morphing mpENC --> mpOTR)

* ...

* mpOTR: You have reached your destination :-)

We're keen for any kind of feedback, and for any type of response
towards this collaborative effort. I'm hoping that this out reach will
inject a bit or momentum into the mpOTR efforts.

Any thoughts, calls, shouts, utterances of disgust ...?

Sunny summer greetings,

Guy

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cypherpunks.ca/pipermail/otr-dev/attachments/20140110/c51c1a8b/attachment.pgp>

More information about the OTR-dev mailing list