On Fri, 22 Feb 2013 11:00:59 +0000 Michael Rogers <mich...@briarproject.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 21/02/13 18:30, George Kadianakis wrote: > > * Is the shutdown phase of OTR the only place where transcript > > soundness is guaranteed? By 'transcript soundness', I mean the > > guarantee that all participants see the exact same transcript. > > What happens, if an 3vil server drops packets in the middle of the > > conversation? Do participants learn this only in the end of the > > conversation? > > A related threat: can a chat participant send different messages to > different participants, without this being detected until the > transcripts are compared? For example: > > Alice -> Everyone: Let's make plans for Friday > Bob -> Alice: Who wants to get ice cream? > Bob -> Carol: Who want to shoot the president? > Alice -> Everyone: Ooh, me me me! This particular threat can be mitigated by sending encrypted signed hashes of received messages back to every party. Is there already a temporary signing key that is used, or is the mac key sufficient? A party receiving different hashes at each point would prompt a message to the user that party x is sending false messages. Assumes messages are sequence numbered. Users A, B, C, D A -> msg to B, C A -> diff message to D B,C, D -> send signed hash to A, B, C, D A, B, C, D compare results with recieved/sent text A-> detects different hash for D, resends message to D B, C -> detect different message, sends "resend message" to A, D. A -> resends message to B, C D-> resends hash to B, C (if hash matches new message) B, C -> sends hash to A, B, C, D (if hash is different) B, C -> sends authentication error to all parties, system warns user of A Kind of complicated, and a lot of network traffic. _______________________________________________ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
