[OTR-users] What we can expect in future? / file transfer via OTR?
Ian Goldberg
ian at cypherpunks.ca
Mon Nov 26 18:23:17 EST 2007
On Mon, Nov 26, 2007 at 10:42:27AM -0500, Gregory Maxwell wrote:
> On Nov 26, 2007 10:24 AM, Michael Reichenbach
> <michael_reichenbach at freenet.de> wrote:
> [snip]
> > Imho OTR is a protocol and it's in final version and no good idea to
> > change it because many clients implement it.
In fact, it was built for extensibility, so adding a feature like this
wouldn't break anything.
> It may be possible for OTR to help offer encrypted file transfer with
> very little change to the protocol. Simply provide an interface in
> OTR for OTR to send an empty message then return the encryption key
> and mac key used for that message. The client would then encrypt the
> file using those keys and send the file through the normal file
> transfer means. The remote client could use the same keys.
>
> Some work would need to be included to defer the release of that mac
> key until the file was received... but we're not talking a complete
> protocol overhaul.
Indeed, adding a new TLV type which basically says "expect a file
transfer with this specified transfer cookie, to be encrypted and MACd
with keys derived from this message's encryption key" should be
sufficient.
> Generally the ability for OTR to act as a person to person key
> producer would be pretty useful. Especially now that it offers the
> secure millionaire based real-time authentication, which is a feature
> not offered by anything else.
>
> Sending files as in-band OTR messages, as was suggested, is pretty
> much a non-starter: most IM systems rate limit messages.
For sure.
- Ian
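
A sketch of the scheme discussed in this thread, added here as an illustration; it is not code from the post or from libotr. It uses the OTR TLV layout (2-byte type, 2-byte length, value); the TLV type number, the HMAC-SHA256 key-derivation labels and the SHAKE-256 keystream standing in for a real cipher are all assumptions.

```python
import hashlib
import hmac
import struct

TLV_FILE_TRANSFER = 0x0100  # hypothetical type number, not assigned by OTR

def build_tlv(tlv_type: int, value: bytes) -> bytes:
    """Encode one TLV record: big-endian 2-byte type, 2-byte length, value."""
    return struct.pack(">HH", tlv_type, len(value)) + value

def parse_tlvs(data: bytes) -> list:
    """Decode concatenated TLV records, rejecting truncated input."""
    out, pos = [], 0
    while pos < len(data):
        if len(data) - pos < 4:
            raise ValueError("truncated TLV header")
        tlv_type, length = struct.unpack_from(">HH", data, pos)
        if len(data) - pos - 4 < length:
            raise ValueError("truncated TLV value")
        out.append((tlv_type, data[pos + 4:pos + 4 + length]))
        pos += 4 + length
    return out

def derive_file_keys(msg_enc_key: bytes, cookie: bytes) -> tuple:
    """Assumed KDF: separate file keys from the message key, bound to the cookie."""
    enc = hmac.new(msg_enc_key, b"file-enc" + cookie, hashlib.sha256).digest()
    mac = hmac.new(msg_enc_key, b"file-mac" + cookie, hashlib.sha256).digest()
    return enc, mac

def _stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (SHAKE-256 keystream); key is used for one file only."""
    return bytes(a ^ b for a, b in zip(data, hashlib.shake_256(key).digest(len(data))))

def seal_file(msg_enc_key: bytes, cookie: bytes, plaintext: bytes) -> bytes:
    """Sender: encrypt-then-MAC; the tag covers the cookie and the ciphertext."""
    enc, mac = derive_file_keys(msg_enc_key, cookie)
    ct = _stream_xor(enc, plaintext)
    return ct + hmac.new(mac, cookie + ct, hashlib.sha256).digest()

def open_file(msg_enc_key: bytes, cookie: bytes, blob: bytes) -> bytes:
    """Receiver: verify the tag in constant time, then decrypt."""
    enc, mac = derive_file_keys(msg_enc_key, cookie)
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mac, cookie + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("MAC check failed")
    return _stream_xor(enc, ct)
```

The blob returned by `seal_file` is what would travel over the IM network's normal file transfer, while only the small TLV carrying the cookie rides inside the OTR message.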