[Standards] OTR

Bartosz Małkowski bmalkowski at tigase.pl
Mon Dec 29 14:07:34 UTC 2014


Hi!

I’m thinking if we should add something (optional) to prove that OTR Key is trusted.
I think about something based on for example OpenPGP signatures:

<key>
  <hash>E9017BCCF047B363A8ED281F2DE31972BECB3F34</hash>
  <signature type=„openpgp">
    hQEMA/cDyEqkT1m7AQf/ejLVE4KnNKJ8yPjMAn9C6OdCrwkZZ50YcrHjRIMkmGYB
    …
    QFElQwI1RKtS/SBY+CneY0eAIrLFNuW7Y7R/Qpt4jP2+UBpzCyzRzf/PVXfkK9iJ
    zmqXfw==
    =Aj0L
  </signature>
</key>

Where signature is for example OpenPGP_Sign(otr_key_hash).

I don’t know if it should be stored somewhere (like VCard) or should be generated on request.
I event don’t know if it is necessary or not ;-)

--
Bartosz Małkowski
Tigase Polska
xmpp:bmalkow at malkowscy.net

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 486 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.jabber.org/pipermail/standards/attachments/20141229/9e1947da/attachment.sig>


More information about the Standards mailing list