[OTR-users] diffie-hellyes

CLAY SHENTRUP CLAY at BROKENLADDER.COM
Wed Jun 22 19:25:50 EDT 2005


I haven't read the OTR spec in a while, but I seem to recall that
one digitally signs the AES key derived from the Diffie-Hellman
transaction.  Why not simply sign only your own public value in
the Diffie-Hellman process?  If the other party signs his, then
you know with confidence the shared secret (private key) that
you will both generate.  This seems to provide substantially
better deniability, because there's no way to prove you ever
even knew the other party's public value and generated the
shared secret.  You could deny that you had ever even seen that
private key.  Does this make sense??  Am I missing something?
Is this how it's already done and I just misunderstood?
Just curious..

I think the next step on this plug-in, and I wish I had the time
to help, would be to make the equivalent of mixminion for IM.
Essentially, your message is encrypted like those little Russian
dolls, so that the next person in the line can encrypt a layer,
and then on down the line, until the final party can view the
message, and an outside observer would be hard pressed to
discover who you were talking to.  Maybe this is too process
intensive, since it would require successive RSA decryption to
peel away the layers, as well as the permission of various
people on a network.  Just a thought..
Clay
--------------------------------------------------
ENCRYPTED MESSAGES ARE PREFERRED.  PLEASE USE
THE PGP PUBLIC KEY FOR BROKEN LADDER AT
HTTP://ESKILO.WARPMAIL.NET/
