[OTR-dev] OMEMO, PFS

Greg Troxel gdt at ir.bbn.com
Fri Nov 13 11:43:06 EST 2015


Nathan of Guardian <nathan at guardianproject.info> writes:

> On Tue, Nov 10, 2015, at 04:15 PM, Greg Troxel wrote:
>> 
>> I am curious if anyone from OTR-land has comments about the pros and
>> cons of OMEMO vs OTR.
>> 
>>   http://conversations.im/omemo/
>> 
>> In using smssecure as well as OTR, I notice an interesting property
>> which is more about the implementation than the protocol, which is that
>> keymat is stored persistently.  So after having an smssecure session
>> with Alice (not her real name :-) in early June, and no texts since, I
>> was able to send one just now, and have both of our devices still have
>> the keymat and have it work.   Of course that means it has persisted in
>> flash across reboots.
>
> Are you sure it was persisting key material? I think the idea with OMEMO
> is to support the Axolotl/TextSecure pre-key technique using XMPP
> infrastructure. This means, you can create a valid session key without
> the other party needing to be online.

I guess I need to go reread the protocol.  I don't understand how
creating a session key that is used to send a message to a
perhaps-offline party can work unless the other party is persisting the
key needed to decrypt.

> In addition, for ChatSecure, we proactively generate session keys for
> OTR, so that if you have an open conversation thread with someone, and
> they are online AND we detect they have a compatible XMPP resource, we
> start the OTR negotiation process. If you receive a message you cannot
> decrypt, we renegotiate the session, and then thanks to delivery
> receipts, the sender should then know to re-send the previous
> undelivered messages. The goal is to make OTR as automatic as possible,
> while still maintaining PFS, as much as possible. We only keep OTR
> session keys in RAM.

That makes sense.  I didn't realize delivery receipts were wrapped up in
that, but it makes sense to reuse that vs rolling your own inside OTR.
Probably ChatSecure is doing this better than other clients; I tend to
use OTR more with Adium and Pidgin, just because I don't tend to use XMPP
on my phone.
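
Added example, not part of the original post and not code from OMEMO, Axolotl or any client: a minimal Python model of the pre-key idea discussed in this thread, in which a sender derives a key while the recipient is offline and the recipient can decrypt later only if the pre-key's private half is still stored. Assumptions: the handshake is reduced to a single Diffie-Hellman against one pre-key, a toy modular group and a SHA-based keystream stand in for real primitives, and every name (`Recipient`, `flash`, `ram`, `send_offline`) is hypothetical.

```python
import hashlib, hmac, secrets

P, G = 2**255 - 19, 2  # toy DH group standing in for Curve25519; not for real use

def keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    # Both sides reach the same value: (G^a)^b == (G^b)^a mod P
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(32, "big")).digest()

def xor_stream(key, data):
    # Toy stream cipher (assumption): SHAKE-256 output XORed with the data
    stream = hashlib.shake_256(key + b"enc").digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

class Recipient:
    def __init__(self):
        self.flash = {}  # models persistent storage: survives a reboot
        self.ram = {}    # models memory-only storage: lost on reboot

    def publish_prekey(self, persist):
        priv, pub = keypair()
        (self.flash if persist else self.ram)[pub] = priv
        return pub  # the public half is what gets uploaded for senders to fetch

    def reboot(self):
        self.ram.clear()

    def receive(self, prekey_pub, eph_pub, ct, tag):
        store = self.flash if prekey_pub in self.flash else self.ram
        priv = store.pop(prekey_pub, None)  # one-time pre-key: deleted on first use
        if priv is None:
            return None  # private half is gone, so the key cannot be rebuilt
        key = session_key(priv, eph_pub)
        if not hmac.compare_digest(tag, mac(key, ct)):
            return None
        return xor_stream(key, ct)

def send_offline(prekey_pub, plaintext):
    # Sender needs only the published pre-key; the recipient is not contacted
    eph_priv, eph_pub = keypair()
    key = session_key(eph_priv, prekey_pub)
    ct = xor_stream(key, plaintext)
    return prekey_pub, eph_pub, ct, mac(key, ct)
```

In this model a message sent to a persisted pre-key decrypts after `reboot()`, one sent to a memory-only pre-key does not, and a second `receive()` of the same message fails because the private half was deleted on first use.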