[OTR-dev] IFF meeting notes - OTRv4
Paul Wouters
paul at cypherpunks.ca
Thu Mar 17 17:26:46 EDT 2016
On Thu, 17 Mar 2016, David Goulet wrote:
> We've mostly discussed the OTR version 4 "design and specification".
Thanks for the notes!
> - Kill SHA1 with fire and use SHA3.
I'd be okay with SHA2 or SHA3 at this point.
> - Ratcheting: use axolotl
> Ref: https://github.com/trevp/axolotl/wiki
good :)
> - DAKE (Deniability AKE)
> Ref: https://cs.uwaterloo.ca/~iang/pubs/dake-ccs15.pdf
> - Proposal is being tested and written by Ian's student. O(weeks) before
> seeing something.
> - Free feature: offline message
Not qualified to comment on :P
> - Have an unauthenticated encrypted channel at the very beginning of the data
> exchange.
How is that different from v3?
> Use curve25519.
Why not Curve448? We are talking about high value content that might need
decades of confidentiality. See https://tools.ietf.org/html/rfc7748#section-7
There is no mention of AES in these notes. I assume there is at least a
move from AES128 to AES256?
> - Algorithm agility is in the version protocol. Let's _NOT_ exchange ciphers
> list.
Will the default be at first to speak both 3 and 4? e.g. using "?OTRv34?" Is
there some assurance this would be safe against a downgrade attack so
that two clients capable of speaking v4 will not end up on v3 and thus
have a far lower security due to aes128/sha1/modp1536 ?
> - Improve version rollback issues with v4.
Probably related?
Thanks,
Paul
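The downgrade concern raised above can be made concrete with a small model of OTR query-message version negotiation. This is an added example, not code from the thread or from the OTR project: it parses the "?OTR...?" query tag as defined in the OTRv3 spec, rebuilds it, and shows what happens when a man-in-the-middle strips the newest version from the (unauthenticated) query. It assumes, hypothetically, that v4 would advertise itself with the digit "4" the way v2 and v3 use "2" and "3", and the `minimum` policy floor in `negotiate` is a local mitigation constructed for illustration, not part of any OTR specification.

```python
import re

# Constructed for this example: OTRv4 is assumed to advertise itself with the
# digit "4" in the query message, as v2 and v3 do with "2" and "3" (the real
# v4 query format was not settled at the time of the thread).
QUERY_RE = re.compile(r"\?OTR(\?)?(?:v([0-9]*)\?)?")


def parse_query(msg):
    """Return the set of OTR versions advertised by a query message.

    Per the OTRv3 spec: "?OTR?" alone offers v1, "?OTRv23?" offers v2 and v3,
    and "?OTR?v2?" offers v1 and v2. Unknown digits are kept so an old client
    can still see that a newer version was on offer.
    """
    m = QUERY_RE.search(msg)
    if not m:
        return set()
    versions = set()
    if m.group(1):
        versions.add(1)
    if m.group(2):
        versions.update(int(c) for c in m.group(2))
    return versions


def build_query(versions):
    """Inverse of parse_query: rebuild the query tag for a version set."""
    if not versions:
        return ""
    tag = "?OTR"
    if 1 in versions:
        tag += "?"
    higher = sorted(v for v in versions if v > 1)
    if higher:
        tag += "v" + "".join(str(v) for v in higher) + "?"
    return tag


def negotiate(query_msg, supported, minimum=1):
    """Pick the highest version both sides support, or None.

    `minimum` is a hypothetical local policy floor (a client that knows its
    peer runs v4 can refuse anything lower). It is not part of any OTR spec.
    """
    common = parse_query(query_msg) & set(supported)
    if not common or max(common) < minimum:
        return None
    return max(common)


def strip_versions(query_msg, removed):
    """Model a man-in-the-middle that rewrites the plaintext query message,
    dropping the versions it does not want the peers to use."""
    return build_query(parse_query(query_msg) - set(removed))


if __name__ == "__main__":
    offer = "?OTRv34?"
    # Honest path: two v4-capable clients land on v4.
    print("honest:", negotiate(offer, {3, 4}))
    # Attack path: the query is unauthenticated, so stripping "4" silently
    # drops both clients to v3 (the aes128/sha1/modp1536 suite the mail names).
    tampered = strip_versions(offer, {4})
    print("tampered query:", tampered, "->", negotiate(tampered, {3, 4}))
    # A local floor turns the silent downgrade into a visible failure.
    print("with v4 floor:", negotiate(tampered, {3, 4}, minimum=4))
```

The floor only helps a client that already knows its peer speaks v4; it trades a silent downgrade for a refused session, not for a v4 session. Closing the gap in the protocol itself means binding the offered version set into the authenticated handshake so that a stripped query is detected, which is the kind of change the "improve version rollback issues with v4" item in the notes points at.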