[Standards] OTR

Daniele Ricci daniele.athome at gmail.com
Tue Feb 3 11:20:41 UTC 2015

Hello everybody,
referring to commit:

I know it's still work in progress, but I want to start from there to
say my two cents.
I think encrypting the whole stanza can be avoided in some cases.
Also, the only stanza type that has sense to be encrypted with OTR is
<message/>. Therefore, I'd distinguish between two specific cases:

* encryption of message body: just include the encrypted message body
in the <otr/> element as a child of <message/>
* encryption of whole stanza (for other purposes or for complex
messages): encrypt the whole stanza and encapsulate the OTR content in
an <otr/> element as a child of <message/>

The only problem here is how to recognise the encrypted data? Is it a
text body or a stanza? Maybe we can use a "type" attribute to <otr/>,
revealing more metadata? Or maybe we could add a header to the
encrypted data:

Content-type: text/plain

message body

Content-type: application/xmpp+xml

<message ...>

What do you think?

On Tue, Feb 3, 2015 at 11:07 AM, Winfried Tilanus <winfried at tilanus.com> wrote:
> On 03-02-15 11:03, Ralph Meijer wrote:
>> Sure it will be short. However, some notes on limitations and security
>> considerations would also need to be added. If only to make it easier to
>> compare against other e2e proposals. If you want to make a start with a
>> XEP, that's appreciated.
> https://github.com/winfried/XMPP-OTR
> If you give me your github name, I will give you write access ;-)
> Winfried


More information about the Standards mailing list