On Fri, Mar 27, 2009 at 12:56:27PM -0600, Peter Saint-Andre wrote: > 1. Why Not Use OTR? > > Many IETFers use OTR to encrypt their IM traffic, so they wondered why > we don't just use OTR. The last time I looked, I think there was only > one library for OTR, so that might be a problem (also it is not fully > XMPP-friendly because it was designed for cross-protocol IM only, not > encryption of complete stanzas etc.). But I admit that I haven't looked > at OTR in quite some time, so I'll try to review it again soon: > > http://www.cypherpunks.ca/otr/Protocol-v2-3.1.0.html
OTR only encrypts message bodies. We could make a similar spec that uses the same message flow, algorithms, etc., but has a more XMPP-friendly message structure. It would probably be a lot simpler than OTR itself, since we don't have to do things like signal support with whitespace (ewwww.) It wouldn't be compatible with OTR, though. I doubt the official OTR library (as it exists now) would be able to handle it, and sending XOTR-encrypted messages through gateways wouldn't work.
pgpvvlwlncpa0.pgp
Description: PGP signature
