[OTR-users] Pretty-please standardize OTR signature storage, per OS.

Thijs Alkemade me at thijsalkema.de
Tue Sep 10 10:24:52 EDT 2013


Hello,

Before we run off and start reimplementing something like a gpg-agent-for-otr,
could we investigate whether it would be possible to just use gpg with gpg-
agent itself for storing OTR keys and known fingerprints?

It's a well established tool which has all the things like encrypted storage
of private keys and management of known public keys figured out.

If we standardize on a way to store OTR keys as a subkey in GPG (like was
discussed in [1]), we additionally make it possible to use the WoT for
retrieving, verifying and revoking keys.

There are however a couple of things of which I'm not sure how good they match
up. Can we store arbitrarily formatted IM handles with known public keys (not
just those that look like emails)? Can you apply a trust setting only to one
specific subkey? Is it even a good idea to use gpg's trust for OTR trust, or
can that be a separate field?

[1] = http://thread.gmane.org/gmane.ietf.openpgp/7333

Regards,
Thijs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.cypherpunks.ca/pipermail/otr-users/attachments/20130910/6b9e2f85/attachment.pgp>


More information about the OTR-users mailing list