sam at samwhited.com
Mon Dec 29 17:12:02 UTC 2014
On 12/29/2014 09:07 AM, Bartosz Małkowski wrote:
> I’m thinking if we should add something (optional) to prove that OTR
> Key is trusted. I think about something based on, for example, OpenPGP,
> where the signature is, for example, OpenPGP_Sign(otr_key_hash).
OTR doesn't work this way by design. Signing an OTR key via PGP before
verification may give you another channel to determine your trust in the
OTR key (assuming you do trust the PGP key used), but it also destroys
the deniability of the conversation (unless it were done AFTER the OTR
session is already established).
Regardless, I think this is out of the scope of what the OTR document