[OTR-users] does authentication depend on secrecy of private key
Greg Reagle
reagle at cepr.net
Fri Apr 17 12:40:11 EDT 2015
On Fri, Apr 17, 2015, at 12:21 PM, Daniel Kahn Gillmor wrote:
> Can you propose a specific addition to the text that would improve the
> situation without distracting from the main goals of the documentation?
>
> I'm not part of the otr team myself, but i imagine that kind of concrete
> contribution would be welcome. Projects like OTR need good documenation
> as much as they need good code. Thanks for highlighting this gap. Can
> you help fix it?
That is a good suggestion. It makes sense that a docs patch would be
more welcome than just criticism. I'll think about how to word it.
> > all security is completely dependent on the secrecy of the private
> > key.
>
> Hm i think this might be overstating the case. not "all security" is
> dependent on the secrecy of the secret key. For example, the
> confidentiality of *past* messages is not compromised if an attacker
> violates the secrecy of the secret key in the future.
Thank you for that correction. I forgot about perfect forward secrecy.
More information about the OTR-users
mailing list