[OTR-users] Feature request- Revoke identity
Len Sassaman
rabbi at abditum.com
Tue Nov 22 11:57:25 EST 2005
On Fri, 18 Nov 2005, Paul Wouters wrote:
> Uhm, couldn't the attacker do the same with with the stolen key, and
> inject new false identities to your buddies too?
>
> I'd prefer using OTR identities in GPG (sub)keys. There you can do all the
> revoke/sign/trust relationships already. We just need to bind those to OTR
> identities (with a special (sub)key combing my GPG entity with my OTR keys
> and IM identities).
If you're going to do this, you probably want to talk to the OpenPGP folks
about creating an OTR-specific packet for this purpose. However, I think
that tying OTR into OpenPGP is probably somewthing we want to avoid -- the
Web of Trust is a pretty bad idea, from a privacy-concern standpoint.
More information about the OTR-users
mailing list