[OTR-dev] OTR version 4 Draft #2

Carsten Mattner carstenmattner at gmail.com
Fri Mar 16 18:55:32 EDT 2018


On 3/16/18, Sofia <sofia at autonomia.digital> wrote:
> Hey!
>
> I am Sofia from the team that previously sent a draft of the OTRv4
> protocol. We, as a team, would like to present the third version of this
> draft. It has been reviewed by Ian and Nik two times in the interim. The
> draft is at Github[1].
>
> There are many changes on this version as compared with the version 3 of
> the OTR protocol. Just to briefly summarize them:
>
> * Security level raised to 224 bits and based on Elliptic Curve
> * Cryptography (ECC) (using ed448, Goldilocks, -huge thanks to Mike
> Hamburg!-).
> * Additional protection against transcript decryption in the case of ECC
> compromise.
> * Support for both online and offline conversations.
> * Support for an out-of-order network model.
> * The following cryptographic primitives and protocols have been updated:
>   * Deniable authenticated key exchanges (DAKE) using "DAKE with Zero
> Knowledge" (DAKEZ) and "Extended Zero-knowledge Diffie-Hellman" (XZDH).
> DAKEZ corresponds to conversations when both parties are online
> (interactive) and XZDH to conversations when one of the parties is
> offline (non-interactive).
>   * Key management using the Double Ratchet Algorithm.
>   * Upgraded SHA-1 and SHA-2 to SHAKE-256.
>   * Switched from AES to XSalsa20.
> * Support for different modes in how the specification can be used
> (OTRv4 only, OTRv4+v3 compatibility mode, OTRv4 interactive only).
> * Explicit instructions for producing forged transcripts using the same
> functions used to conduct honest conversations.

Thank you for working on this! I still use XMPP+OTRv3 because:

1. XMPP has comfortable clients of choice (on desktop, native)
2. OTRv3 just works
3. OMEMO is only supported in a few clients and incompletely at that,
   and it doesn't work seamlessly like libotr integration in Pidgin
   or mcabber

I suppose (couldn't find it) that there is a libotr branch implementing
the draft, right? This is very important if we want to upgrade pidgin,
weechat, mcabber, jackline, adium, etc to OTRv4.


More information about the OTR-dev mailing list