On 3/27/09 3:06 PM, Brendan Taylor wrote: > On Fri, Mar 27, 2009 at 12:56:27PM -0600, Peter Saint-Andre wrote: >> 1. Why Not Use OTR? >> >> Many IETFers use OTR to encrypt their IM traffic, so they wondered why >> we don't just use OTR. The last time I looked, I think there was only >> one library for OTR, so that might be a problem (also it is not fully >> XMPP-friendly because it was designed for cross-protocol IM only, not >> encryption of complete stanzas etc.). But I admit that I haven't looked >> at OTR in quite some time, so I'll try to review it again soon: >> >> http://www.cypherpunks.ca/otr/Protocol-v2-3.1.0.html > > OTR only encrypts message bodies. We could make a similar spec that uses > the same message flow, algorithms, etc., but has a more XMPP-friendly > message structure. It would probably be a lot simpler than OTR itself, > since we don't have to do things like signal support with whitespace > (ewwww.) > > It wouldn't be compatible with OTR, though. I doubt the official OTR > library (as it exists now) would be able to handle it, and sending > XOTR-encrypted messages through gateways wouldn't work.
Right. If we were to go down that route, we'd need to work with the OTR developers to make OTRv3, which would at the very least include a way to signal that the payload is (1) XMPP or (2) text. Peter -- Peter Saint-Andre https://stpeter.im/
smime.p7s
Description: S/MIME Cryptographic Signature
