[OTR-dev] IFF meeting notes - OTRv4
David Goulet
dgoulet at ev0ke.net
Thu Mar 17 15:57:31 EDT 2016
Hi!
I realized I completely forgot to send the list the notes from the meeting we
had in Valencia, Spain at the IFF (Internet Freedom Festival).
We've mostly discussed the OTR version 4 "design and specification".
Participants in the discussion were (nickname alphabetical order):
dgoulet, dkg, iang, infinity0, isis, olabini
(if I forgot your name, very sorry, don't hesitate to fix :)
They are not very complete notes but at least they can trigger discussions.
Also, if some stuff is incorrect or it's incomplete, please complement or/and
correct.
So here are some points for the new protocol that were discussed:
---
== OTRv4 ==
- Kill SHA1 with fire and use SHA3.
- Ratcheting: use axolotl
  Ref: https://github.com/trevp/axolotl/wiki
- DAKE (Deniability AKE)
  Ref: https://cs.uwaterloo.ca/~iang/pubs/dake-ccs15.pdf
- Proposal is being tested and written by Ian's student. O(weeks) before
  seeing something.
- Free feature: offline message
- Have an unauthenticated encrypted channel at the very beginning of the data
  exchange. Use curve25519. One of the reasons is to never have a packet on the
  network that ain't encrypted or a key exchange. Useful?
- Algorithm agility is in the version protocol. Let's _NOT_ exchange ciphers
  list.
- We agree that ECC is an acceptable choice.
- No PQ for now, we'll rev. the version if we want it.
- Improve version rollback issues with v4.
  (Unfortunately, I do not have the specifics on this one in the notes :S)
---
The short term goal here is to write a specification using those decisions
which can then be reviewed by the community and then start implementation.
Thanks!
David