[jdev] Re: JEP-0027 (OpenPGP) implementation question
Justin Karneges
justin-keyword-jabber.093179 at affinix.com
Tue Mar 7 16:04:34 CST 2006
On Tuesday 07 March 2006 09:13, Peter Saint-Andre wrote:
> Looking at JEP-0116 again, I see that public keys are used to verify the
> identity of the parties, but that the stanzas themselves are signed and
> encrypted with session keys. So identity is asserted and preserved in
> the initial negotiation, but not attached to each stanza. Or so it seems
> (I need to read JEP-0116 again in depth).
I believe identity is attached at all times.

For the OTR feature, though, something is done later to make the packet
signatures worthless. The idea is that both parties can have full trust in
each other's identity during the conversation, but it is not possible to
later "prove" that each party actually said what they said, since forgery
would be easy at that point.

Calling OTR anonymous is a stretch. Anonymous is a room full of people and
having to guess the one that did it. OTR is more like a Matlock show, where
Andy knows who did it, even if he doesn't have court-admissible evidence yet.

-Justin