On 03/02/14 00:00, Ximin Luo wrote: > On 02/02/14 18:25, Nathan of Guardian wrote: >> On 02/02/2014 12:17 PM, Seth wrote: >>> On Sat, 01 Feb 2014 04:16:34 -0800, Eleanor Saitta <[email protected]> >>> wrote: >>> >>>> Likewise, they mostly only support a single fingerprint per user, >>>> which vastly complicates use with multiple (mobile/desktop, for >>>> instance) clients. >>> >>> Are you aware of any OTR capable XMPP clients or OTR plugins which >>> currently _do_ support multiple fingerprints per user? >> >> ChatSecure for Android does. We store fingerprints based on the full >> JID, which includes the resource, meaning that: >> >> [email protected]/chatsecure >> [email protected]/pidgin >> >> can have unique verified fingerprints. >> > > I don't think this approach is useful, see > http://sourceforge.net/p/otr/bugs/24/ >
Sorry, I'm confusing myself here. That bug is about storing the XMPP resource of the *source account* that *you* sign in as. You were talking about the *target account* of your buddy. Storing (and matching against) the XMPP resource in this case, is not such of a big deal. However, I would still argue that it's unnecessary, for the reason below. > When I validate a key I am validating it against an *identity* and not a > device. It is not an attack if my friend moves the key from one device to > another. > >> In our work documenting the various keystore formats for our KeySync >> project, I know that we came across a few other apps that do this as >> well, at least in theory. >> >> +n >> > > > -- GPG: 4096R/1318EFAC5FBBDBCE git://github.com/infinity0/pubkeys.git
-- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
