[OTR-dev] Peer validity TLV

Greg Troxel gdt at ir.bbn.com
Sat Oct 3 07:57:01 EDT 2015


Ola Bini <list at olabini.se> writes:

> Hi,
>
> Lately I've been thinking about how to communicate the decisions OTR is mak=
> ing in such a way that users can make informed choices based on
> that. I realized that one thing I've missed when using OTR-enabled clients =
> is the possibility of knowing whether my peer has validated my
> key or not.

Two questions:

  Why is it useful for you to know if the other side has marked your key
  as valid?

  Why is it ok, from a security viewpoint, for them to disclose that to
  you?


I don't mean these to be accusatory, but I think rationale for them
should be part of a proposal to add something.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 180 bytes
Desc: not available
URL: <http://lists.cypherpunks.ca/pipermail/otr-dev/attachments/20151003/d47405d9/attachment.sig>


More information about the OTR-dev mailing list