[OTR-dev] xmpp, otr vs centralized-storage messaging

Greg Troxel gdt at ir.bbn.com
Sun Oct 19 20:48:29 EDT 2014


Some of my friends have been moving away from XMPP/OTR to chat services
that have centralized storage of plaintext (and proprietary software
that only works on one platform, but that's not really relevant).  While
it's easy to criticize centralized plaintext, the usability issues are
more complex.

With the centralized plaintext service, one can continue chats across
multiple devices, and move from computer to phone to tablet; turning on
a device results in it connecting to the server and getting the history.
This has terrible security properties, but it's very handy.

With xmpp, messages go to the current resource, more or less, so this
history access doesn't work.  With OTR, messages are encrypted to a
particular xmpp client on one machine.  That's a feature, really, in
that there is no server plaintext, but it's also less usable.

So, I wonder if it is time to think about how some new version of or
improvements to xmpp and otr could result in a system that has the
security properties of otr, more or less, and the usability properties
of being able to continue across multiple devices.

I wonder about having a server store more or less OTR ciphertext, but
having each message encrypted to keys for all of a user's
currently-set-up devices.   One would lose integrity for off-line
devices (when they connect and get old messages, the MAC keys would have
been disclosed, so there's no guarantee they haven't been tampered
with).  But that seems like a small issue compared to now.

One could argue that there's a loss of or risk of loss of
confidentiality, due to multiple devices and keys.  But it's much less
than the loss from using centralized plaintext storage.
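
The design sketched in the two paragraphs above, modelled as an added example (this is not OTR code and not from the list; it is a toy built on the Python standard library). It assumes symmetric per-device keys registered with the user's account, a SHA-256 counter-mode stream cipher and HMAC-SHA-256 as stand-ins for OTR's primitives, and OTR's habit of publishing the MAC key once a message has been read. The server keeps the ciphertext, the tag and one wrapped copy of the message key per device; every device can open the record, a device reading it while the MAC key is still private gets an integrity guarantee, and a device that fetches the record after the reveal does not, which is exactly the trade-off the post describes.

```python
import hashlib
import hmac
import secrets

# --- toy primitives (stand-ins, not OTR's AES-CTR / SHA-1-HMAC) ---

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 in counter mode used as a toy stream cipher (illustration only)."""
    blocks = [hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
              for ctr in range((length + 31) // 32)]
    return b"".join(blocks)[:length]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _derive(msg_key: bytes):
    """Split a per-message key into an encryption key and a MAC key."""
    enc = hmac.new(msg_key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(msg_key, b"mac", hashlib.sha256).digest()
    return enc, mac

def _tag(mac_key: bytes, nonce: bytes, ct: bytes) -> bytes:
    return hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

# --- the multi-device record the server stores ---

def encrypt_for_devices(plaintext: bytes, device_keys: dict) -> dict:
    """Encrypt one message for every currently registered device.

    The server ends up holding ciphertext, a tag and one wrapped copy of the
    message key per device; it never sees plaintext or the message key.
    """
    msg_key = secrets.token_bytes(32)
    nonce = secrets.token_bytes(16)
    enc_key, mac_key = _derive(msg_key)
    ct = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    wrapped = {name: _xor(msg_key, _keystream(dk, nonce, 32))
               for name, dk in device_keys.items()}
    return {"nonce": nonce, "ct": ct, "tag": _tag(mac_key, nonce, ct),
            "wrapped": wrapped, "revealed_mac_key": None}

def _unwrap(record: dict, name: str, device_key: bytes) -> bytes:
    return _xor(record["wrapped"][name], _keystream(device_key, record["nonce"], 32))

def device_open(record: dict, name: str, device_key: bytes):
    """A device unwraps the message key, checks the tag and decrypts.

    Returns (plaintext, integrity_guaranteed).  A passing tag check only
    proves integrity while the MAC key is still private; once it has been
    published the plaintext is returned but flagged as unverifiable.
    """
    enc_key, mac_key = _derive(_unwrap(record, name, device_key))
    if not hmac.compare_digest(_tag(mac_key, record["nonce"], record["ct"]), record["tag"]):
        return None, False
    pt = _xor(record["ct"], _keystream(enc_key, record["nonce"], len(record["ct"])))
    return pt, record["revealed_mac_key"] is None

def reveal_mac_key(record: dict, name: str, device_key: bytes) -> None:
    """OTR-style: after a device has read the message, the MAC key is published
    (for deniability), so from here on the tag proves nothing to latecomers."""
    record["revealed_mac_key"] = _derive(_unwrap(record, name, device_key))[1]

def alter_after_reveal(record: dict, flip_mask: bytes) -> None:
    """The post's caveat, simulated: with the MAC key public, whoever holds the
    stored record can change ciphertext bits and recompute a valid tag."""
    assert record["revealed_mac_key"] is not None, "MAC key still private"
    record["ct"] = _xor(record["ct"], flip_mask.ljust(len(record["ct"]), b"\x00"))
    record["tag"] = _tag(record["revealed_mac_key"], record["nonce"], record["ct"])

def demo():
    """Laptop reads live; phone is offline and fetches history after the reveal."""
    laptop, phone = secrets.token_bytes(32), secrets.token_bytes(32)  # constructed keys
    rec = encrypt_for_devices(b"meet at noon", {"laptop": laptop, "phone": phone})
    live, live_ok = device_open(rec, "laptop", laptop)   # MAC key still private
    reveal_mac_key(rec, "laptop", laptop)                # laptop has read it
    alter_after_reveal(rec, b"\x00" * 11 + b"\x01")      # record changed while phone offline
    late, late_ok = device_open(rec, "phone", phone)     # tag verifies, but proves nothing
    return live, live_ok, late, late_ok

if __name__ == "__main__":
    print(demo())
```

Note what the second device gets back: the tag check still passes, so the only honest signal is the `integrity_guaranteed` flag derived from whether the MAC key had already been published. A client built on this design would want to surface that flag in the UI for back-filled history rather than treating a valid tag as proof.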
