automating GPG/OTR lookups, was Re: [OTR-users] generating keys
Paul Wouters
paul at cypherpunks.ca
Fri Nov 11 11:41:06 EST 2005
On Thu, 10 Nov 2005, CLAY SHENTRUP wrote:
> my only point leading into this was simply, i don't want a different key
> made for every resource. there should just be one key generated per account
> per .gaim folder. this also makes sense with respect to the fact that
> non-jabber accounts don't even have "resource".
I think the only way to do this (ofcourse assuming you want to publicly
link your identity to an OTR identity to begin with) is to have one key
with subkeys as identities.
> as for using gpg; if you want to do it, just put your pgp-signed otr
> fingerprint on your web site, or as an email attachment. wouldn't that
> suffice?
The whole point is that this approach does not automate in a plugin for
people. I want the otr plugin to check my public pgp key ring, and then
be able to automatically verify keys signed by people I trust through my
web of trust. Eg If I have Ian's key, and i trust him fully, and he has
signed Nikita's key, then if Nikita OTR's me, I want to see a verified
fingerprint without me doing anything.
Paul
--
"Happiness is never grand"
--- Mustapha Mond, World Controller (Brave New World)
More information about the OTR-users
mailing list