>> cypherpunks.boxy at xoxy.net wrote: >> Any thoughts on allowing OTR to grab a key from an OpenPGP cert?
> Ximin Luo <infinity0 at gmx.com> wrote: > See this discussion[1] and subsequent messages. Thanks, very interesting... > TL;DR version is yes you can do it, and some of us want to do it. The > least problematic workflow that is most compatible with existing > workflows is: > - have a tool, e.g. some extension to monkeysphere, that creates an > Authentication-use subkey with the critical notation that says > something like "for OTR use only" Why would it have to be only for OTR use? In Pidgin, there is also a GPG plugin. Why couldn't we use the same key for that, in case we're comfortable with receiving an asynchronous communication? > [...] > - have yet another tool that scans your otr application for collected > public keys, and tries to verify their validity against your PGP trust > database, optionally downloading missing keys from keyservers. I wonder if this way, things might get a bit too fragmented? Perhaps a key management interface to the chat client, which any encryption plugin might use? (See my other post in this thread: http://lists.cypherpunks.ca/pipermail/otr-dev/2013-November/001990.html.) > X _______________________________________________ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
