[OTR-dev] Security guarantee of OTR AKE

U.Mutlu um at mutluit.com
Fri Dec 11 01:19:20 EST 2015

I'm trying to study the OTR protocol and have got some questions.
According to the protocol specification at 
OTR does not need pre-exchanging of the long-term public keys.
I wonder then how secure the OTR AKE is or can be, because people have
repeatedly told me that two parties with no relationship basically
cannot communicate securely. So I'm surprised to see that
OTR seems to have solved this differently.
So, my question is: does OTR protect against impersonation and MITM
in the AKE phase? Or is it a TOFU protocol like SSH?


More information about the OTR-dev mailing list