[jdev] Re: JEP-0027 (OpenPGP) implementation question

Justin Karneges justin-keyword-jabber.093179 at affinix.com
Tue Mar 7 16:04:34 CST 2006

On Tuesday 07 March 2006 09:13, Peter Saint-Andre wrote:
> Looking at JEP-0116 again, I see that public keys are used to verify the
> identity of the parties, but that the stanzas themselves are signed and
> encrypted with session keys. So identity is asserted and preserved in
> the initial negotiation, but not attached to each stanza. Or so it seems
> (I need to read JEP-0116 again in depth).

I believe identity is attached at all times.

For the OTR feature, though, something is done later to make the packet 
signatures worthless.  The idea is that both parties can have full trust in 
each other's identity during the conversation, but it is not possible to 
later "prove" that each party actually said what they said, since forgery 
would be easy at that point.

Calling OTR anonymous is a stretch.  Anonymous is room full of people and 
having to guess the one that did it.  OTR is more like a Matlock show, where 
Andy knows who did it, even if he doesn't have court-admissable evidence yet.


More information about the JDev mailing list