[Standards] OTR

Ralph Meijer ralphm at ik.nu
Tue Feb 3 10:03:08 UTC 2015


On February 3, 2015 10:37:14 AM WAT, Florian Schmaus <flo at geekplace.eu> wrote:
>On 03.02.2015 10:04, Dave Cridland wrote:
>> On 2 Feb 2015 18:49, "Peter Saint-Andre - &yet" <peter at andyet.net
>> <mailto:peter at andyet.net>> wrote:
>>> On 2/2/15 5:22 AM, Hund, Johannes wrote:
>>>> Since it was undisclosed that even the NSA seems to have problems
>>>> breaking into OTR [1], it gained a lot of attention it seems and
>thus
>>>> does a good deal in supporting XMPP as a choice for applications
>with
>>>> high requirements in privacy and security as its often the case for
>>>> IoT applications.
>>>
>>>
>>> OTR secures only the character data of the XMPP <body/> element
>within
>> message stanzas. That's appropriate for IM but doesn't really help
>with
>> things like IoT (which often use extended namespaces).
>>>
>> 
>> Exactly, and this is the kind of thing I was hoping that documenting
>the
>> current OTR usage in XMPP would show clearly.
>
>Isn't "documenting the current OTR usage in XMPP" simply
>
><message …>
> <body>
>    … put OTR stuff here …
> </body>
></message>
>
>where "OTR stuff" is defined at
>https://otr.cypherpunks.ca/Protocol-v2-3.1.0.html (I think most
>implementations use OTR v2) and
>https://otr.cypherpunks.ca/Protocol-v3-4.0.0.html
>
>So OTR is IM protocol-agnostic. You can see how OTR tries to negotiate
>using whitespaces at the end of String within the </body> element at
>https://github.com/python-otr/gajim-otr/issues/9#issue-40676864
>
>I'm also not sure if, not only because it's IM protocol-agnostic, OTR
>would be a good fit for IoT. Some research in this direction would sure
>be interesting.
>
>- Florian

Sure it will be short. However, some notes on limitations and security considerations would also need to be added. If only to make it easier to compare against other e2e proposals. If you want to make a start with a XEP, that's appreciated.
-- 
ralphm
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/standards/attachments/20150203/19455ea2/attachment.html>


More information about the Standards mailing list