-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 07/11/13 15:01, Ximin Luo wrote: >> >>> - have a tool, e.g. some extension to monkeysphere, that creates an >>> Authentication-use subkey with the critical notation that says >>> something like "for OTR use only" >> >> Why would it have to be only for OTR use? In Pidgin, there is also a >> GPG plugin. Why couldn't we use the same key for that, in case we're >> comfortable with receiving an asynchronous communication? >> > > Security concerns mean that it's wise not to use different keys for > different protocols. I don't know what that GPG plugin does, but I am > guessing it's not OTR - so unless you can prove it's safe, it is best to > assume it's not safe. >
Sorry, typo; "wise to use different", or "wise not to use same". > Just because you can, doesn't mean you should; semantically it would be > similar to using the same key to lock your front door, as well as a random > safety deposit box at your bank, plus as a stamp for a wax seal you put on > your letters. > > Relevant: > > http://security.stackexchange.com/questions/1806/why-should-one-not-use-the-same-asymmetric-key-for-encryption-as-they-do-for-sig > > - -- GPG: 4096R/1318EFAC5FBBDBCE git://github.com/infinity0/pubkeys.git -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) Comment: Using GnuPG with Icedove - http://www.enigmail.net/ iQIcBAEBCAAGBQJSe/A8AAoJEIYN7zuPZQt576kQAKqEfRWTlptSyslM10A9cFOn /a4F29JOtX2W5mnPHaBxuLPndAvU8NMCshhohAD/UtGFVfSqMUTFgvENDXbydhwo v52gYtSt44dc51XQfSv597Cc4fUQ7IKKrDDTZJq5+ii23SqxZ4G+sC9KCZawHENa pkSiUENypJ3luqPG1ikgKs8dNBm6vp4HRuHz+pLF2GdlUo+rgub4NNm+U4k4Qe4P RPhxOVHoijKUn/WS4LD2L6CvoUFBVKLv5B/l1Y1TVV8ES8gKyL1bwU+7F4T3LPRN yO15e4A0svBkKAc6c3clagwpE9SlVsBIjz5Mbs1n65inHIUbnD424eCT2QmrB8AL OObp33Z9fwNdKfUE+hjBZwgaLUcxxF563lqesohy9q37cvR8KbM/pnjAAvMCwUUQ fUDRYS5X32r3DDUUL70qHHkhyWRAimp+mmqdayMOi6YcqoHsGmiv7ZkaK2aJGK/E KXsUrMlqyvryEHBThKdQZ9Q44Sbn4ad7qq2+bVJ1gG84BYILJp8KXOaIgvqKKaZl khmL2a4mjagUag2hVmeUceJwyPBwB5j3awHrcGdnMEbel099rc9iawIengJoSYGK X79uOhYoWaw9n90KRWF0bQodWf0zrBF1XyS/puQQnasU2JOOVlz6D6/3gXa2408F 0/BsuaDJlB53wgQlc/fJ =tZUr -----END PGP SIGNATURE----- _______________________________________________ OTR-dev mailing list [email protected] http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
