[Standards] OTR

Florian Schmaus flo at geekplace.eu
Tue Feb 3 09:37:14 UTC 2015


On 03.02.2015 10:04, Dave Cridland wrote:
> On 2 Feb 2015 18:49, "Peter Saint-Andre - &yet" <peter at andyet.net
> <mailto:peter at andyet.net>> wrote:
>> On 2/2/15 5:22 AM, Hund, Johannes wrote:
>>> Since it was undisclosed that even the NSA seems to have problems
>>> breaking into OTR [1], it gained a lot of attention it seems and thus
>>> does a good deal in supporting XMPP as a choice for applications with
>>> high requirements in privacy and security as its often the case for
>>> IoT applications.
>>
>>
>> OTR secures only the character data of the XMPP <body/> element within
> message stanzas. That's appropriate for IM but doesn't really help with
> things like IoT (which often use extended namespaces).
>>
> 
> Exactly, and this is the kind of thing I was hoping that documenting the
> current OTR usage in XMPP would show clearly.

Isn't "documenting the current OTR usage in XMPP" simply

<message …>
 <body>
    … put OTR stuff here …
 </body>
</message>

where "OTR stuff" is defined at
https://otr.cypherpunks.ca/Protocol-v2-3.1.0.html (I think most
implementations use OTR v2) and
https://otr.cypherpunks.ca/Protocol-v3-4.0.0.html

So OTR is IM protocol-agnostic. You can see how OTR tries to negotiate
using whitespaces at the end of String within the </body> element at
https://github.com/python-otr/gajim-otr/issues/9#issue-40676864

I'm also not sure if, not only because it's IM protocol-agnostic, OTR
would be a good fit for IoT. Some research in this direction would sure
be interesting.

- Florian

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 668 bytes
Desc: OpenPGP digital signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20150203/f6460723/attachment.sig>


More information about the Standards mailing list