On Sun, Aug 26, 2012 at 09:48:56AM -0700, Howard Chu wrote:
> Ian Goldberg wrote:
> > On Sat, Aug 25, 2012 at 08:54:56PM -0700, Arlo Breault wrote:
> >> If it's only the first messages, you can start the conversation with
> >> heartbeat packets so that compromising them is meaningless.
> >
> > Nice idea! But then we'd have to *require* all OTR clients to implement
> > this. Since not all OTR clients use libotr (there are a number of
> > compatible implementations now, though not yet of the new version of the
> > protocol), it seems bad to force them to change their behaviour because
> > of a wart in the API of libotr.
>
> But is this really just an API implementation issue, or is it
> fundamental to the protocol? It seems to me that if you want to
> support this multiple endpoint scenario, you have this problem no
> matter what implementation you use.

I don't think it's fundamental to the protocol. I wouldn't warrant that
every possible implementation of the OTR protocol version 3
automatically has a forward secrecy problem for the initial messages.
(For example, the proposed change to libotr would make it so that it
doesn't.)

- Ian
