[Standards] OTR

Sam Whited sam at samwhited.com
Mon Dec 22 18:16:28 UTC 2014


On 12/22/2014 11:28 AM, Bartosz Małkowski wrote:
> I'm not sure we should start new XMPP stream covered by OTR. It 
> depends on what we want to do. We can't hide that communication 
> between A and B happens. Does encrypting whole stanzas is worth of 
> complications?

We couldn't hide the fact that communication happens between A and B,
but we could hide what type of communication happens. Eg. are messages
being exchanged, is presence being exchanged, are files being exchanged,
etc.

(this is assuming we were to design some sort of solution where all
wrapper messages look identical, and the actual XMPP stream is encased
within those messages, which isn't necessarily something we want or
don't want to do yet).

eg. after the initial setup / stream initialization:

    <!-- All messages looks like this to the server. Nothing else gets
sent unless it's in the OTR stream. -->
    <message to="B" from="A" type="otr">
    ---OTR-ENCRYPTED---
      <something>could be any type of XMPP message</something>
    ---END-OTR---
    </message>

Ignore the `type' as I'm not sure that's something we want either. We'd
have to ensure that whatever we do doesn't break OTR's goal of plausable
deniability. This is just an example based on what I think you were
saying and how it adds so

—Sam

-- 
Sam Whited
pub 4096R/54083AE104EA7AD3
https://blog.samwhited.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20141222/1d8fe887/attachment.sig>


More information about the Standards mailing list