[OTR-users] wiretapping
Greg Troxel
gdt at ir.bbn.com
Mon Jun 13 10:15:07 EDT 2005
Ian Goldberg <ian at cypherpunks.ca> writes:
> The OTR protocol encrypts the messages between Alice's computer and
> Bob's computer. Although the messages still go through the provider's
> servers, the provider is unable to read them.
In an earlier message, I mentioned that it would be hard for an
attacker to repeatedly mount a man-in-the-middle attack. However, a
service provider such as AOL could easily do this for a pair of
correspondents. But widespread MITM activity would likely be
detected, so it's unclear how bad a risk this is unless they are after
you specifically.
> OTR also allows Alice and Bob to verify each other's "fingerprints",
> in order to combat so-called "man-in-the-middle" attacks. [Note that
> some other IM encryption mechanisms, such as Trillian SecureIM, don't
> provide such protection, and then the IM provider could in fact read the
> contents of the supposedly private conversation.]
The possibility -- and ease of mounting -- of a service provider MITM
attack is a strong argument for viewing unconfirmed signing keys as an
'uneasy' rather than 'good' state.
Perhaps the OTR distribution should have a jabber server module to
MITM OTR, in the same spirit as the forgery toolkit.
--
Greg Troxel <gdt at ir.bbn.com>