[OTR-dev] Security guarantee of OTR AKE
U.Mutlu
um at mutluit.com
Fri Dec 11 01:19:20 EST 2015
Hi,
I'm trying to study the OTR protocol and have got some questions.
According to the protocol specification at
https://otr.cypherpunks.ca/Protocol-v3-4.0.0.html
OTR does not need pre-exchanging of the long-term public keys.
I wonder then how secure the OTR AKE is or can be, because people have
repeatedly told me that two parties with no relationship basically
cannot communicate securely. So I'm surprised to see that
OTR seems to have solved this differently.
So, my question is: does OTR protect against impersonation and MITM
in the AKE phase? Or is it a TOFU protocol like SSH?
--
Thx
U.Mutlu
More information about the OTR-dev
mailing list