[OTR-dev] IFF meeting notes - OTRv4
dgoulet at ev0ke.net
Thu Mar 17 15:57:31 EDT 2016
I realized I completely forgot to send the list the notes from the meeting we
had in Valencia, Spain at the IFF (Internet Freedom Festival).
We've mostly discussed the OTR version 4 "design and specification".
Participants in the discussion were (nickname alphabetical order):
dgoulet, dkg, iang, infinity0, isis, olabini
(if I forgot your name, very sorry don't hesitate to fix :)
They are not very complete notes but at least they can trigger discussions.
Also, if some stuff is incorrect or it's incomplete, please complement or/and
So here are some points for the new protocol that were discussed:
== OTRv4 ==
- Kill SHA1 with fire and use SHA3.
- Ratcheting: use axolotl
- DAKE (Deniability AKE)
- Proposal is being tested and written by Ian's student. O(weeks) before
- Free feature: offline message
- Have an unauthenticated encrypted channel at the very beginning of the data
exchange. Use curve25519. One of the reason is to never have a packet on the
network that ain't encrypted or a key exchange. Useful?
- Algorithm agility is in the version protocol. Let's _NOT_ exchange ciphers
- We agree that ECC is an acceptable choice.
- No PQ for now, we'll rev. the version if we want it.
- Improve version rollback issues with v4.
(Unfortunately, I do not have the speficics on this one in the notes :S)
The short term goal here is to write a specification using those decisions
which can then be reviewed by the community and then start implementation.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 603 bytes
Desc: not available
More information about the OTR-dev