[OTR-users] OTR and CHAT question
Jiann-Ming Su
sujiannming at gmail.com
Thu Jan 25 16:21:43 EST 2007
On 1/25/07, Greg Troxel <gdt at ir.bbn.com> wrote:
>
>
> Also, c2s encryption doesn't provide deniability and does not
> necessarily provide PFS....
>
> Further, "necessary" is an individual judgement (which should be)
> based on threat models and costs, and it therefore doesn't make any
> sense at all to make general statements about what is necessary.
>
> I use OTR even though I run my own jabber servers and use TLS to it,
> and transport-mode IPsec between servers. You might choose to as well
> if you noticed the black helicopters that follow you around :-)
>
How do you protect the OTR keys from unauthorized use? When I
initiate an OTR chat now, I'm not asked for any authentication from
the private keys. What happens if a trusted user's laptop gets
stolen, or his workstation gets compromised? Can't the
intruder/untrusted user start a trusted/verified OTR chat session?
--
Jiann-Ming Su
"I have to decide between two equally frightening options.
If I wanted to do that, I'd vote." --Duckman
"The system's broke, Hank. The election baby has peed in
the bath water. You got to throw 'em both out." --Dale Gribble