[Standards] OTR

Sam Whited sam at samwhited.com
Mon Dec 29 17:12:02 UTC 2014


On 12/29/2014 09:07 AM, Bartosz Małkowski wrote:
> I’m thinking if we should add something (optional) to prove that OTR
> Key is trusted. I think about something based on for example OpenPGP
> signatures:
> 
> ...
> 
> Where signature is for example OpenPGP_Sign(otr_key_hash).

OTR doesn't work this way by design. Signing an OTR key via PGP before
verification may give you another channel to determine your trust in the
OTR key (assuming you do trust the PGP key used), but it also destroys
the deniability of the conversation (unless it were done AFTER the OTR
session is already established).

Regardless, I think this is out of the scope of what the OTR document
would define.

—Sam


-- 
Sam Whited
pub 4096R/54083AE104EA7AD3
https://blog.samwhited.com
