[Standards] OTR

Daniele Ricci daniele.athome at gmail.com
Tue Feb 3 11:20:41 UTC 2015


Hello everybody,
referring to commit:
https://github.com/winfried/XMPP-OTR/commit/76a5cf06a3728e042740c0e30ba535e55b2613a8

I know it's still a work in progress, but I want to start from there to
add my two cents.
I think encrypting the whole stanza can be avoided in some cases.
Also, the only stanza type that makes sense to encrypt with OTR is
<message/>. Therefore, I'd distinguish between two specific cases:

* encryption of message body: just include the encrypted message body
in the <otr/> element as a child of <message/>
* encryption of whole stanza (for other purposes or for complex
messages): encrypt the whole stanza and encapsulate the OTR content in
an <otr/> element as a child of <message/>

The only problem here is how to recognise the encrypted data? Is it a
text body or a stanza? Maybe we can use a "type" attribute to <otr/>,
revealing more metadata? Or maybe we could add a header to the
encrypted data:

-------------8<---------------
Content-type: text/plain

message body
-------------8<---------------

-------------8<---------------
Content-type: application/xmpp+xml

<message ...>
 ....
</message>

What do you think?


On Tue, Feb 3, 2015 at 11:07 AM, Winfried Tilanus <winfried at tilanus.com> wrote:
> On 03-02-15 11:03, Ralph Meijer wrote:
>> Sure it will be short. However, some notes on limitations and security
>> considerations would also need to be added. If only to make it easier to
>> compare against other e2e proposals. If you want to make a start with a
>> XEP, that's appreciated.
>
> https://github.com/winfried/XMPP-OTR
>
> If you give me your github name, I will give you write access ;-)
>
> Winfried



-- 
Daniele
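
Added example (not part of the original message, nor code from the XMPP-OTR repository): a receiver-side sketch of the in-band "Content-type" header proposed above, applied to plaintext that OTR has already decrypted. The function name, the PayloadError class, the exact header syntax and the strict allow-list of two types are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# The two types proposed in the message; anything else is refused.
ALLOWED_TYPES = {"text/plain", "application/xmpp+xml"}

class PayloadError(ValueError):
    """Decrypted OTR plaintext does not follow the header convention."""

def parse_otr_plaintext(plaintext):
    """Return (content_type, payload) for already-decrypted OTR plaintext.

    payload is a str for text/plain, an Element for application/xmpp+xml.
    """
    text = plaintext.replace("\r\n", "\n")
    head, sep, body = text.partition("\n\n")
    if not sep:
        raise PayloadError("no blank line between header and content")
    headers = {}
    for line in head.split("\n"):
        name, colon, value = line.partition(":")
        if not colon or not name.strip():
            raise PayloadError("malformed header line")
        headers[name.strip().lower()] = value.strip().lower()
    ctype = headers.get("content-type")
    if ctype not in ALLOWED_TYPES:
        raise PayloadError("unsupported content type: %r" % ctype)
    if ctype == "text/plain":
        return ctype, body
    # Whole-stanza case. XMPP forbids DTDs, so refuse one before parsing;
    # this also keeps entity-expansion input away from the XML parser.
    if "<!DOCTYPE" in body:
        raise PayloadError("DTD not allowed in a stanza")
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        raise PayloadError("inner stanza is not well-formed XML") from exc
    # The message argues only <message/> makes sense; enforce it so an
    # encrypted <iq/> or <presence/> is never handed to the stanza router.
    if root.tag.rsplit("}", 1)[-1] != "message":
        raise PayloadError("inner stanza must be <message/>")
    return ctype, root

# Constructed sample plaintexts (what the peer's OTR layer would decrypt to).
BODY_SAMPLE = "Content-type: text/plain\n\nmessage body"
STANZA_SAMPLE = ("Content-type: application/xmpp+xml\n\n"
                 "<message to='juliet@example.org' type='chat'>"
                 "<body>hi</body></message>")
```

Because the header travels inside the ciphertext, the outer <otr/> element needs no "type" attribute and reveals nothing about which of the two cases is in use.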


