[OTR-users] Pretty-please standardize OTR signature storage, per OS.

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sun Sep 8 19:03:11 EDT 2013


On 09/08/2013 06:52 PM, subharo at hushmail.com wrote:

> This "simple executable" you speak of: am I right that it would be 
> platform-specific, compiled into machine-code for all common OS's 
> (Windows Vista, 7, 8, OSX, Linux), and architectures (i386, AMD64, 
> ARMv7, and possibly ARMv6 for Linux)?  Now some simplicity is being 
> lost, would you agree?

(note: i'm a developer of the monkeysphere)

msva-perl is a perl implementation of the monkeysphere validation agent
-- a local process that does roughly what we're talking about (listens
on TCP on the loopback to validate cryptographic certificates of network
peers), but does its authentication against a user's GnuPG keyring.

 http://web.monkeysphere.info/

It's used at the moment for ssh and https, but could be extended to
handle OTR if people were interested in that and had the time to work on it.

As for the question of dependency chains, you're quite right to be
concerned about it.  For the standard way that windows and mac OS users
install software, both options that you present are awful.

In the bundled scenario, you haven't solved anything: client A bundles
the server, and client B bundles another copy of the server (same
version?  maybe; maybe not!) -- if they both run their servers, now the
servers run into conflict.  bleah.

in the non-bundled scenario, you're asking users to do a more
complicated thing.

Nonetheless, if you're asking pieces of software to
collaborate/cooperate with each other, this kind of coordination is
essential.  This is the work that GNU/linux distribution maintainers do,
and it's why this modular approach is easily solvable on common
GNU/Linux distributions.

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1027 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cypherpunks.ca/pipermail/otr-users/attachments/20130908/7f546ec6/attachment.pgp>


More information about the OTR-users mailing list