On Thu, 21 Feb 2013, Sergio Lerner wrote:
One of the most interesting thinks I've found in OTR is the ability to
provide forward secrecy. Nevertheless, as I've read in the section 4.2
of the paper http://www.cypherpunks.ca/otr/otr-wpes.pdf, some times keys
are kept in memory for long times if the remote used does not reply.
I can think of two scenarios where this is a drawback:
1. Alice sends many messages in a row, but Bob does not reply.
2. Alice want to send a big file to Bob while (say 10 Mbytes) using OTR
with forward secrecy. Examples
2.a) Alice is sending audio/video chunks recorded with his
microphone/camera over OTR.
2.b) Alice is downloading a file and at the same time she is sending
it to Bob.
How would you be sending all of that if Bob does not reply? You want to
have millions of messages outstanding without an ack?
In both three cases she wants that at any time, if her computer is
compromised, then the data already sent is protected unconditionally.
Also in these last two cases, going though D-H for every block
transmitted may imply a very high overhead, and a reduction in
throughput because of the RTT latency needed to exchange D-H messages.
Read the spec. there is a separate method for negotiating a symmetric
key using OTR. You then use that key for the bulk transport encryption.
I don't know from the top of my head if Alice and Bob have a way of
acknowledging the key for destruction, but I would expect so.
Paul
_______________________________________________
OTR-dev mailing list
[email protected]
http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
