I'm not an OTR dev, but I spend a lot of time thinking about these issues since I'm working on OTR key syncing. I think the reason you outlined, not automatically cryptographically linking accounts is a good one. I think it makes sense to generate a key per account by default to leak as little info as possible. Then focus on making the key verification process as easy as possible, and its win/win. SMP questions are step in that direction, but I still think they are too hard to be generally useful.
You might be interested in our project OTR File Converter, which aims to parse/write all the common OTR file formats, and also sync all of the info between them. Right now, we support Adium, Pidgin, Gibberbot, and Jitsi. The GUI is a big rough but in the next couple weeks, we are planning a new release for Mac OS X, Windows, and GNU/Linux. https://github.com/guardianproject/otrfileconverter .hc On 06/30/2013 06:51 PM, Kurt Roeckx wrote: > Hi, > > It seems all the client I've look at generate a key per account > that I have. Is this intentional? Why? > > I would expect that if I talk to what I believe is the same > person, even if it's an other protocol that I'm using to talk, > that that person would use the same key and that I didn't have > to authenticate the person anymore. The same of course works > in both ways. If the same key is used, I can actually be sure > that I'm talking to the same person. > > The only good reason I can see to have a different key is that > you don't want people to know that it's the same person. > > A related issue seems to be that none of the clients I've > used seem to have a way to import or export keys. They all seem > to be using their own way to store things, and don't even seem > to have an option to protect it with a password. > > So it basicly means if I have 2 applications or 2 devices, > I even and up with 2 keys for the same protocols, which to me > makes little sense. > > > Kurt > > _______________________________________________ > OTR-dev mailing list > [email protected] > http://lists.cypherpunks.ca/mailman/listinfo/otr-dev > _______________________________________________ OTR-dev mailing list [email protected] http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
