On Fri, Jan 03, 2014 at 09:54:48AM +0100, Randolph wrote:
> 2014/1/2 Nathan of Guardian <[email protected]>
>
> I was thinking about how pre-key'ing work could be
> implemented in a more generic way, that would not be tied to a specific
> server or app.
>
> Would it be possible using either an XMPP file transfer mechanism, or
> something like our OTRDATA protocol, to send a number of pre-keys to a
> contact, say at the time of an existing chat?
>
>
> Dear Nathan, dear Ian,
>
> 1.) this reminds me of the Rosetta CryptoPad doing this: here you send a key
> shared in the past, and can generate at any time new ciphertext to be sent
> over XMPP or any other Messenger or Email. The key must be surveilled in
> the past and as well the private key must be screwed up. So this is
> unlikely. Due to the hashes and salts the same plaintext generates each
> time a new ciphertext. What would be the benefits, to have the D/H Key
> exchange not in each session? See a screenshot here:
> http://goldbug.sourceforge.net/img/screenshot_rosetta.png

But that "unlikely" event is *exactly* what forward secrecy is there to
protect against!  You absolutely do not want keys stored long term that
decrypt data sent over the Internet.

> 2) you want pre shared keys? a bunch of? and want to use the XMPP data
> sharing protocol? this reminded of the StarBeam File Transfer which is done
> as well with pre-shared keys, the keys are sort of a magnet due to the
> Magnet-URI standard and looks like this. The thing is, you can choose one
> or several magnets to have access to the transfer (message or data file). I
> would rather extend your request to have not only pre-shared keys, but to
> use one or more keys for one transfer, so it is much more difficult to
> break not only one key, but several.

The keys Nathan proposes are not symmetric keys that can be used to
decrypt data.  They are public keys.

> 3.) As far as it is known, OTR uses perfect forward secrecy (PFS) per
> session, right?

Not right.  OTR does a DH key exchange every time Alice and Bob take
turns speaking.

   - Ian
_______________________________________________
OTR-dev mailing list
[email protected]
http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
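
The distinction drawn in the reply above, that pre-keys are DH public keys rather than stored decryption keys, sketched as an added example; it is not code from this thread or from any OTR implementation. `PrekeyOwner`, `start_session`, `kdf` and the toy group parameters are hypothetical names and values chosen for illustration.

```python
import hashlib
import secrets

# Toy DH group, an assumption of this sketch: 2**127 - 1 is prime but far too
# small for real use; a deployment would use a standard large group or curve.
P = 2**127 - 1
G = 3

def keypair():
    """Return (private exponent, public value G^priv mod P)."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def kdf(shared):
    """Hash the raw DH result into a 32-byte session key."""
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

class PrekeyOwner:
    """Bob: generates one-time DH key pairs and hands out only the public halves."""

    def __init__(self, count):
        self._private = {}
        self._public = {}
        for key_id in range(count):
            self._private[key_id], self._public[key_id] = keypair()

    def public_bundle(self):
        # This is all that travels to the contact: public values, no secrets.
        return dict(self._public)

    def receive(self, key_id, sender_ephemeral_pub):
        # pop() erases the private half, so a prekey works exactly once and a
        # later compromise of Bob's device cannot re-derive this session key.
        priv = self._private.pop(key_id)
        return kdf(pow(sender_ephemeral_pub, priv, P))

def start_session(bundle, key_id):
    """Alice: derive a session key from a stored prekey while Bob is offline."""
    eph_priv, eph_pub = keypair()
    session_key = kdf(pow(bundle[key_id], eph_priv, P))
    return eph_pub, session_key  # eph_priv goes out of scope and is not kept

if __name__ == "__main__":
    bob = PrekeyOwner(3)
    bundle = bob.public_bundle()          # sent during an existing chat
    eph_pub, alice_key = start_session(bundle, 1)
    print(bob.receive(1, eph_pub) == alice_key)
```

Holding the bundle gives Alice nothing that decrypts traffic by itself: a session key needs a private half, and both private halves are discarded after use.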
