[OTR-users] new user, comments on authentication
Michael Reichenbach
michael_reichenbach at freenet.de
Thu Nov 29 02:57:32 EST 2007
1) Well, if the shared secret is weak against mitm (because of dh) then
you should drop it.

2) I think otr is about chatting securely with friends. In this case there
can be no trusted third party like a web of trust. With a web of trust
there is always the risk these days that some authority uses legal power
to compromise that system.
A web of trust can only be useful in commercial use (like ssl for
communicating with a bank. A web of trust has a point in this situation,
but can be broken by an authority with power over the web of trust / or
even more simply the bank).

3) As long as checking the fingerprint is secure (even if there is an
active mitm from the beginning, from the first time, for all times) I am happy.

4) This fingerprint needs to be checked either over a pre-secure channel
or in a real-life meeting. While saying "pre-secure" channel we are also
back at complicated encryption and pgp.
Phone is not that good for checking the fingerprint (ok, a voice synthesis
attack happens only in very few cases these days, but it's no real secure
solution).
I wish there were an easier solution, but I am afraid there isn't.

5) The otr team did their job. Secure encryption between friends always
needs confirmation of something (fingerprint or public key) within a meeting
in real life. Only if you suspect there are no logs / mitm for the first
time of communication, then also dh and trusting the fingerprint without
checking it might work, but this is much less secure because you'd better
not suspect that.
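Points 1 and 3 of the post turn on one fact: an unauthenticated Diffie-Hellman exchange cannot tell the peer from someone relaying in the path, and only an out-of-band fingerprint comparison catches that. The simulation below is an added example, not code from the post or from the OTR project; it uses a toy DH group, the party names alice/bob/relay and a SHA-256 fingerprint, all of which are assumptions for illustration.

```python
import hashlib
import secrets

# Toy Diffie-Hellman parameters for illustration only (assumed; far too
# small for real use and not the group OTR uses).
P = 2**127 - 1   # Mersenne prime M127
G = 5


def fingerprint(pub: int) -> str:
    """Hex digest of a public value; this is what friends compare in person."""
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()


class Party:
    def __init__(self, name: str):
        self.name = name
        self.priv = secrets.randbelow(P - 2) + 1     # private exponent
        self.pub = pow(G, self.priv, P)             # value sent over the wire

    def derive_key(self, peer_pub: int) -> bytes:
        """Session key from whatever public value arrived from the 'peer'."""
        shared = pow(peer_pub, self.priv, P)
        return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def run_exchange(active_mitm: bool) -> dict:
    """Simulate one DH exchange between Alice and Bob.

    With active_mitm=True a relay in the path substitutes its own public value
    in both directions, so each side silently shares a key with the relay.
    The returned flags show what each party can conclude afterwards."""
    alice, bob, relay = Party("alice"), Party("bob"), Party("relay")
    # Public values as each side actually receives them from the network.
    alice_sees = relay.pub if active_mitm else bob.pub
    bob_sees = relay.pub if active_mitm else alice.pub
    k_alice = alice.derive_key(alice_sees)
    k_bob = bob.derive_key(bob_sees)
    # Out-of-band check from the post: Alice compares the fingerprint of the
    # value she received against the fingerprint Bob reads to her in person.
    fingerprint_ok = fingerprint(alice_sees) == fingerprint(bob.pub)
    return {
        "alice_bob_share_key": k_alice == k_bob,
        "relay_can_read": (relay.derive_key(alice.pub) == k_alice
                           and relay.derive_key(bob.pub) == k_bob),
        "fingerprint_check_passed": fingerprint_ok,
    }
```

Without the check both runs look identical from inside the chat (a key is derived either way); only the fingerprint comparison distinguishes the relayed exchange.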