[OTR-users] OTR and CHAT question

[Robert Ryan]

Alex wrote:

> I think what he meant was that the user should have to decrypt the
> private key in order to start a chat. I dislike webs of trust
> because they become entangled and chaotic (revocation certificates, and
> all that other garbage). However I do think that an encrypted private
> key would be a step in the right direction to protect against stolen
> laptops.
> 

True, but it still doesn't provide your contact any assurance that they
are really talking to you. It also doesn't solve the key revocation problem.

It would be easy for a trojan to wait until the file is decrypted and
then lift it.

Some form of key revocation is needed in case your keys are lost or stolen.
-- 
Robert Ryan
Thunderbird + Enigmail + GnuPG
Gaim + OTR