[OTR-users] OTR and CHAT question
Robert Ryan
rbrt_ryn at yahoo.com
Fri Jan 26 17:36:15 EST 2007
Paul Wouters wrote:
> On Thu, 25 Jan 2007, Jiann-Ming Su wrote:
>> Can't the intruder/untrusted user start a trusted/verfied OTR chat
>> session?
>
> Yes. One could add a passphrase to encrypt/decrypt those files at
> startup, giving the victim some more time to tell their friends about
> ditching the keys.
The trouble is that there is no way to officially revoke those keys. So
unless you can meet all of your OTR contacts face to face they will have
no idea which keys are really yours.
Again, PGP is probably the best way to solve this provided your contacts
trust your PGP key.
--
Robert Ryan
Thunderbird + Enigmail + GnuPG
Gaim + OTR
More information about the OTR-users
mailing list