[OTR-dev] About an mpOTR implementation
Ximin Luo
infinity0 at pwned.gg
Wed Nov 4 08:59:55 EST 2015
On 04/11/15 13:07, mandragore wrote:
> We would like to solicit your feedback on multi-party OTR. Is there
> interest in it from the side of developers and users? Has there been any
> implementation work outside the theoretical framework linked above? What
> would be the right approach to start with this implementation?
It depends on what you want to achieve. There is more depth to group chat than can be fit into a typical undergrad course. Good students might be able to write a stub implementation that fits limited academic considerations, but then miss considering real-world issues. Building a working system that will last the years (as OTR has done) requires engineering experience more than undergrad students typically have - unless you've already been contributing to popular FOSS projects for say, 3-5 years.
The original mpOTR paper you linked to is missing some specific components, and wouldn't be suitable for direct implementation.
Here are a few good recent survey papers:
- Innovation in end-to-end encrypted communication tools (Joe Bonneau, RWC 2015)
- SoK: Secure Messaging (Lots of people, IEEE Symposium on Security and Privacy 2015)
You should definitely read these first, before trying to design your own system.
Lots of mostly-unstructured discussion here:
https://moderncrypto.org/mail-archive/messaging/
It will be hard to understand the context of some of these discussions, unless you read the above survey papers first (and maybe also look into the systems mentioned within those papers).
I have some very rough notes on the matter here:
https://github.com/infinity0/msg-notes/
With MEGA, I've also been working on an actual running system. I finished writing a design document recently, and have asked if I can share it with you guys.
X
--
GPG: 4096R/1318EFAC5FBBDBCE
git://github.com/infinity0/pubkeys.git
More information about the OTR-dev
mailing list