[OTR-users] Reasonably secure conference / chat rooms now?

Matthew Van Gundy mdvangundy at ucdavis.edu
Mon Aug 30 12:59:50 EDT 2010 

On 8/30/10 8:52 AM, Christoph A. wrote:
> On 06/21/2010 10:45 PM, Matthew Van Gundy wrote:
>> Gregory Maxwell wrote:
>>>>> Does anyone know of a way, using OTR related or other protocols, to do
>>>>> reasonably secure multi-party chat?
>>>>> I found the mpOTR paper - http://www.cypherpunks.ca/~iang/pubs/mpotr.pdf -
>>>>> but could not find any software that implements the protocol.
>>
>> The cryptographic protocols we presented in that paper makes certain
>> assumptions about the underlying communication medium.  I'm finishing
>> work on the underlying protocol over this summer.
>
> Could you elaborate on 'certain assumptions about the underlying
> communication medium' if they contain more then Broadcast() and Send()
> as defined in chapter 4.1?
>
> Are these assumptions somehow requirements to the underlying IM protocol
> or will mpOTR implement them on top of the underlying IM?

Specifically, the incremental consensus mechanism that is currently 
under submission (foreshadowed in [1] page 10 paragraph 3):

     The consensus approach adopted above is very naive—--it does not
     attempt to remedy any consensus errors and it only determines if
     consensus has been reached at the very end of the chat session. This
     simple approach is adopted to allow a free choice of consensus-ensuring
     algorithms to be employed at the network layer. The network could
     provide totally ordered multicast or KleeQ-like algorithms 
optimized for
     the broadcast medium. Whatever approach is chosen, we can detect any
     violations of reliable delivery at the mpOTR level. ... Approaches 
which
     ensure consensus incrementally throughout the chat session are
     possible and useful. We have chosen the approach above for its
     clarity, but any implementation has room for improvement.

Cheers,
Matt

[1] Ian Goldberg, Berkant Ustaoglu, Matthew Van Gundy, and Hao Chen. 
Multi-party Off-the-Record Messaging. In Proceedings of the Sixteenth 
ACM Conference on Computer and Communications Security (CCS), Chicago, 
IL, November 2009.

More information about the OTR-users mailing list