[OTR-users] PGP integration?
Ximin Luo
infinity0 at gmx.com
Sat Jun 22 08:28:12 EDT 2013
On 28/09/12 02:43, Ian Goldberg wrote:
> On Fri, Sep 28, 2012 at 02:19:22AM +0100, Ximin Luo wrote:
>> Hi, are there any plans to integrate OTR keys with PGP? (c.f. how
>> monkeysphere integrates SSH keys with PGP).
>>
>> It's good that crypto products don't also try to provide a PKI and
>> reimplement the wheel, but then they should actually *use* existing
>> ones to fill this gap!
>
> This comes up on the list now and again. ;-)
>
> One big problem is that there's no way to bind the PGP key for
> "bob at example.com" to the AIM ID "angrybob". Many people already do sign
> their OTR keys with their PGP keys, so if you (the person, not your
> software) knows that bob at example.com is the same person as angrybob, you
> can tell your OTR client that you've verified the keys. But there's not
> a good way to do this automatically.
>
(re-visiting this issue)
1. Unfortunately if I sign my OTR key (a file) using my PGP key in the usual
way, this creates a non-revocable signature using the "S" ability of the key.
What we really want is to create revocable certification of the OTR key using
the "C" ability of the key, which is the same thing that's done when signing
other people's keys (as opposed to files).
2. I'd like to bring up the issue of UIDs again because without a web-of-trust,
OTR is stupidly hard to use, since you must verify keys with every single
recipient. (Man-in-the-middle attacks destroy the credibility of non-verified
sessions.)
IMO the terminology used is extremely misleading too, e.g. [1] "authenticating
your buddy helps to ensure that the person you are talking to is who he/she
claims to be" completely ignores the issue of MitM.
X
[1] http://www.cypherpunks.ca/otr/help/3.2.0/authenticate.php
>> Also, how does OTR prevent MITM against "Q/A" and "Shared secret"
>> auth[1], as I was under the impression that only physical face-to-face
>> verification of fingerprints (or a derived process, e.g. PGP's WoT)
>> can prevent such attacks.
>
> When you use Q/A or shared secret auth, OTR relies on you picking a
> (question or) secret that only your buddy knows (the answer to). That
> way, the knowledge of the secret is bound by the SMP to the fingerprint
> of your buddy's public key.
>
> Does that help?
>
> - Ian
> _______________________________________________
> OTR-users mailing list
> OTR-users at lists.cypherpunks.ca
> http://lists.cypherpunks.ca/mailman/listinfo/otr-users
>
--
GPG: 4096R/5FBBDBCE
https://github.com/infinity0
https://bitbucket.org/infinity0
https://launchpad.net/~infinity0
More information about the OTR-users
mailing list