Hello, I am a member of a team which attempts to develop an independent implementation of the OTR protocol in C++. We have currently finished implementing the AKE. We have, nevertheless, some significant problems understanding the Key Management that comes after it. Could you help us clarify things?
Here are the questions, so far, 6 of them:

=======================================================================================|
1. There are "keyids" in AKE and "keyids" in Key Management. What is their relation?

There is a seeming contradiction in descriptions. Namely, in construction of Reveal Signature message it says:
"Select keyidA, a serial number for the D-H key computed earlier. It is an INT, and must be greater than 0."
This would indicate that any random nonzero number would do.

And in Key Management it says:
"generate two DH key pairs for yourself, and set our_keyid = 2."
and
"Send the public part of our_dh[our_keyid-1], with the keyid field, of course, set to (our_keyid-1)."
This indicates that keyidA must be 1.

Which one holds? Should keyidA be equal to 1 in Reveal Signature, or can it be any nonzero random number?

=======================================================================================|
2. The Key Management says:
"generate two DH key pairs for yourself"

Why so? Why two?

=======================================================================================|
3. The Key Management says:
"When starting a private conversation with a correspondent"

For the very first conversation between two correspondents, this is easy. However, when is a previous conversation considered to have finished? It is clear that after sending a request to "User requests to end an OTR conversation", the conversation should be considered finished at least at the side of the party which sent the request. What if the other party does not receive it? What if there is transport-level failure? What if the other party stays online, but does not write anything for a day?

In principle: when can we consider a private conversation to be finished, without breaking compatibility with libotr? Does libotr rely on protocols like XMPP to consider a conversation finished?

=======================================================================================|
4. The Key Management says:
"For each correspondent, keep track of: (some keys)"

"Keeping track" means that the keys should be stored? How and for how long? Persistently on disk, or transiently in memory? Until restart of the underlying messaging application? Or just for the duration of the private conversation? The private keys are vulnerable if stored on disk.

=======================================================================================|
5. The Key Management says:
"Upon completing the AKE: If the specified keyid equals..."

Specified where? By the other party of the AKE, in their Reveal Signature / Signature messages? Or in another way?

=======================================================================================|
6. Key rotation (in Key Management)

Key Rotation is only performed upon receiving a data message? When the keys are being rotated, the expression "If Alice's public key is numerically greater" means the current DH key, right? (And not the DSA key used for previous AKE).

=======================================================================================|

Thank you in advance for all comments.

Regards
Marian

_______________________________________________
OTR-dev mailing list
[email protected]
http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
