[OTR-users] OTR transport protocol?
Ian Goldberg
ian at cypherpunks.ca
Sun Apr 4 19:48:27 EDT 2010
On Sun, Apr 04, 2010 at 07:23:34PM -0400, Alex wrote:
> Hi. Would there be any use for an implementation of OTR in a way
> similar to that of TLS?
Good question.
TLS already has the ability to do perfect forward secrecy by using one
of the ephemeral Diffie-Helman ciphersuites. It does mutual
authentication using certificates, but I've seen proposals to include
PAKE, and even SMP, into TLS. One would have to figure out exactly what
deniability/repudiation properties one was looking for to see if TLS
could be coaxed into doing that.
That said, if you squint in the right way, you could pretend that
today's OTR was indeed a transport-level protocol, since you can send
arbitrary packetized TCP streams over it. (You'd have to remove the
specification of how to interpret the decrypted message, though.)
Its utility would be quite different from TLS, though, since it's mainly
useful for connecting people who know (and can authenticate) each other,
whereas TLS can connect strangers, proving they trust the
PKI-in-the-sky. (See, for example, http://government.zdnet.com/?p=8257 )
- Ian
More information about the OTR-users
mailing list