[OTR-users] Progress on OTR flaws
Gregory Maxwell
gmaxwell at gmail.com
Wed Jun 28 18:26:51 EDT 2006
On 6/28/06, Alex <alex323 at gmail.com> wrote:
> Has there been any new development on OTR which addresses the flaws
> outlined in "Finite-State Security Analysis of OTR Version 2"?
I'd be more interested in seeing a reply than 'fixes' ... some of the
flaws they found are in my eyes not actually flaws.
For example they show a a third party with complete control of the
network can prevent a forth party from obtaining the correct MAC keys
needed to forge the discussion. They claim that this breaks the strong
denyability aspect of OTR, but I disagree. It is immaterial if the
forth party could have forged the messages because the messages could
have been forged by the third party (or by either of the folks
communicating).
More information about the OTR-users
mailing list