[OTR-dev] Question: Is OTR end to end encrypting ?

Chris Ballinger chris at chatsecure.org
Mon Mar 3 14:09:22 EST 2014

OTR is end-to-end but requires users to verify their contact's fingerprints
to prevent active MITM attacks

On Mon, Mar 3, 2014 at 5:19 AM, Randolph <rdohm321 at gmail.com> wrote:

> Hello
> one simple question about OTR, when I use OTR, then encryption is done
> between user and user or client and server?
> So is the way: UserclientA->Server1->Server2->userclientB is secured end
> to end?
> OTR means D/H Exchange, what about the possible human beeing in the midde
> attack, that server 2 is sending back a faked key and pretends to be
> userclientB ?
> Plans OTR to implement an end to end key, that is sent over an otr
> connections, so that asymmetric encryption can be switched to symmetric
> encryption?
> That way even clients could participate, which have not otr implemented
> (by giving the end to end key over seperate channel, not otr)
> Regards
> _______________________________________________
> OTR-dev mailing list
> OTR-dev at lists.cypherpunks.ca
> http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cypherpunks.ca/pipermail/otr-dev/attachments/20140303/de511335/attachment.html>

More information about the OTR-dev mailing list