[Standards] OTR

Florian Schmaus flo at geekplace.eu
Tue Feb 3 09:37:14 UTC 2015

On 03.02.2015 10:04, Dave Cridland wrote:
> On 2 Feb 2015 18:49, "Peter Saint-Andre - &yet" <peter at andyet.net
> <mailto:peter at andyet.net>> wrote:
>> On 2/2/15 5:22 AM, Hund, Johannes wrote:
>>> Since it was undisclosed that even the NSA seems to have problems
>>> breaking into OTR [1], it gained a lot of attention it seems and thus
>>> does a good deal in supporting XMPP as a choice for applications with
>>> high requirements in privacy and security as its often the case for
>>> IoT applications.
>> OTR secures only the character data of the XMPP <body/> element within
> message stanzas. That's appropriate for IM but doesn't really help with
> things like IoT (which often use extended namespaces).
> Exactly, and this is the kind of thing I was hoping that documenting the
> current OTR usage in XMPP would show clearly.

Isn't "documenting the current OTR usage in XMPP" simply

<message …>
    … put OTR stuff here …

where "OTR stuff" is defined at
https://otr.cypherpunks.ca/Protocol-v2-3.1.0.html (I think most
implementations use OTR v2) and

So OTR is IM protocol-agnostic. You can see how OTR tries to negotiate
using whitespaces at the end of String within the </body> element at

I'm also not sure if, not only because it's IM protocol-agnostic, OTR
would be a good fit for IoT. Some research in this direction would sure
be interesting.

- Florian

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 668 bytes
Desc: OpenPGP digital signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20150203/f6460723/attachment.sig>

More information about the Standards mailing list