[OTR-users] OTR enabled IM message flow diagram available?
Ian Goldberg
ian at cypherpunks.ca
Tue Oct 29 19:34:29 EDT 2013
On Tue, Oct 29, 2013 at 03:53:43PM +0000, Bernard Tyers - ei8fdb wrote:
> Hi there,
>
> I am doing a dissertation at the moment and am researching OTR from a
> human centred design perspective.
Sounds cool! Can you elaborate?
> Can anyone point me towards a message flow diagram which outlines the
> OTR message flow, similar to this GSM originating call flow diagram.
> [1]
>
> My Google-foo seems weak this week.
>
> thanks,
> Bernard
>
> [1] http://www.eventhelix.com/gsm/originating-call/gsm-originating-call-poster.pdf
It's basically this:
Alice Bob
OTR Query ->
<- DH Commit
DH Key ->
<- Reveal Signature
Signature ->
Data <-> Data
But of course, from a human-centered perspective, the humans will see
none of that. Alice will just type her first message (or explicitly
click "Start OTR conversation", or whatever, depending on her client)
and then both sides will see that the conversation is encrypted. Or
maybe they won't; one of the benefits of OTR is that even if you have no
idea it's there, you're no worse off than if you weren't using it at
all. (You'll be protected against passive but not active attackers.)
We also did a user study of OTR back in 2008, which revealed some
problems and led to subsequent UI improvements. No one (to my
knowledge) has done a followup study on the improvements, however.
http://www.cypherpunks.ca/~iang/pubs/otr_userstudy.pdf
Thanks,
- Ian
More information about the OTR-users
mailing list