[jdev] OTR and Jabber - Clients wanted
Trejkaz
trejkaz at trypticon.org
Tue May 31 20:04:52 CDT 2005
Quoting Justin Karneges <justin-keyword-jabber.093179 at affinix.com>:
> In my opinion, it would have been a lot better for OTR to utilize GPG for the
> public keys. Then instead of competing systems, each with advantages and
> drawbacks, we would have a single system with all combined advantages.
Now you're onto something. Use OpenPGP public keys, where the public key is
only used for exchanging the shared session key. Then proceed with the
session
using the shared keys, in the same fashion as OTR.
So-called geeks (I prefer to call them "privacy/identity-concerned
indivuduals")
who use GnuPG would still be able to use their existing keys and be able to
authenticate each other, and would get the benefits of forward secrecy.
Users who couldn't care less about identify but still want encryption
(which is
a highly strange mindset IMO, but it seems people do think this way)
could have
their clients autogenerate new GPG keys whenever they needed to, and
participate
in the same protocol in the same capacity OTR lets them today. They
would even
be able to identify other users by their keys, just that other users wouldn't
be able to identify them by theirs.
Sounds like a win-win situation to me.
TX
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
More information about the JDev
mailing list