Howard Chu <h...@symas.com> writes:

> Jonas Wielicki wrote:
>> Adding complications such as key sync, key management, revocation etc.
>> is not what I consider useful for the general case.
>
> Indeed, it completely misses the point. OTR provides repudiable
> communication. Unifying all your keys would weaken or destroy that
> property.

Not true - OTR's signing key to authenticate a session is similar to OpenPGP. The difference is that session keys are authenticated, not message content, and repudiability (word?) is achieved by using symmetric MACs and disclosing them. So strengthening the authentication key into a real PKI of some sort would not break the repudiability property.

I'd like to see a way to:

1) sign an OTR signing key with an OpenPGP key
2) use OpenPGP to verify a peer's OTR signing key
3) (perhaps) send the signature from 1 via OTR

with all of this (at least 1 and 3) being optional, with no change to behavior if not done. Checking keys is hard, and sharing that work among multiple channels seems like a win.

_______________________________________________
OTR-dev mailing list
OTR-dev@lists.cypherpunks.ca
http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
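
The property argued in the message above, as an added example that is not part of the original post or of any OTR implementation: the long-term key signs only the session's key-exchange value, messages carry only a symmetric MAC, and once the MAC key is disclosed a forged message verifies exactly as a genuine one does. A Lamport one-time signature stands in for the real signing key so the sketch runs on the standard library alone; the session value, the MAC key derivation and the message texts are constructed assumptions.

```python
import hashlib, hmac, secrets

def h(data):
    return hashlib.sha256(data).digest()

# Lamport one-time signature: stdlib-only stand-in for the long-term signing key.
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(h(a), h(b)) for a, b in sk]
    return sk, pk

def digest_bits(data):
    d = h(data)
    return [(d[i // 8] >> (i % 8)) & 1 for i in range(256)]

def sign(sk, data):
    return [sk[i][bit] for i, bit in enumerate(digest_bits(data))]

def verify(pk, data, sig):
    bits = digest_bits(data)
    return len(sig) == 256 and all(h(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits)))

def mac(key, message):
    return hmac.new(key, message, hashlib.sha256).digest()

def tag_valid(key, message, tag):
    return hmac.compare_digest(mac(key, message), tag)

def run_session():
    sk, pk = keygen()
    # Constructed sample: the sender's public key-exchange value for this session.
    session_value = b"constructed-session-public-value"
    session_sig = sign(sk, session_value)          # identity key signs the session only
    mac_key = h(b"mac" + secrets.token_bytes(32))  # assumption: derived from the shared session secret
    message = b"meet at noon"
    tag = mac(mac_key, message)
    # After the session the MAC key is disclosed, so anyone can tag any text.
    forged = b"text the sender never wrote"
    forged_tag = mac(mac_key, forged)
    return {
        "session_authenticated": verify(pk, session_value, session_sig),
        "genuine_tag_valid": tag_valid(mac_key, message, tag),
        "forged_tag_valid": tag_valid(mac_key, forged, forged_tag),
        "signature_covers_message": verify(pk, message, session_sig),
        "signature_covers_forgery": verify(pk, forged, session_sig),
    }

if __name__ == "__main__":
    for claim, result in run_session().items():
        print(f"{claim}: {result}")
```

Certifying the signing key with a stronger PKI changes only how `pk` is trusted; the signature still never covers message content, so the transcript stays deniable.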