[OTR-users] does authentication depend on secrecy of private key

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Apr 17 12:21:46 EDT 2015


On Fri 2015-04-17 11:38:01 -0400, Greg Reagle wrote:
> Why isn't this in the docs?  I think we have a bunch of people who
> understand cryptography so well that they don't know how to write docs
> for the general public.

Where do you suggest these changes should be made?  What should they be?

Can you propose a specific addition to the text that would improve the
situation without distracting from the main goals of the documentation?

I'm not part of the otr team myself, but i imagine that kind of concrete
contribution would be welcome.  Projects like OTR need good documentation
as much as they need good code.  Thanks for highlighting this gap.  Can
you help fix it?

> all security is completely dependent on the secrecy of the private
> key.

Hm i think this might be overstating the case.  not "all security" is
dependent on the secrecy of the secret key.  For example, the
confidentiality of *past* messages is not compromised if an attacker
violates the secrecy of the secret key in the future.

Regards,

         --dkg


