Nathan of Guardian <nat...@guardianproject.info> writes: > On Tue, Nov 10, 2015, at 04:15 PM, Greg Troxel wrote: >> >> I am curious if anyone from OTR-land has comments about the pros and >> cons of OMEMO vs OTR. >> >> http://conversations.im/omemo/ >> >> In using smssecure as well as OTR, I notice an interesting property >> which is more about the implementation than the protocol, which is that >> keymat is stored persistently. So after having an smssecure session >> with Alice (not her real name :-) in early June, and no texts since, I >> was able to send one just now, and have both of our devices still have >> the keymat and have it work. Of course that means it has persisted in >> flash across reboots. > > Are you sure it was persisting key material? I think the idea with OMEMO > is to support the Axolotl/TextSecure pre-key technique using XMPP > infrastructure. This means, you can create a valid session key without > the other party needing to be online.
I guess I need to go reread the protocol. I don't understand how one can create a session key that is used to send a message to a perhaps-offline party can work unless the other party is persisting the key needed to decrypt. > In addition, for ChatSecure, we proactively generate session keys for > OTR, so that if you have an open conversation thread with someone, and > they are online AND we detect they have a compatible XMPP resource, we > start the OTR negotiation process. If you receive a message you cannot > decrypt, we renegotiate the session, and then thanks to delivery > receipts, the sender should then know to re-send the previous > undelivered messages. The goal is to make OTR as automatic as possible, > while still maintaining PFS, as much as possible. We only keep OTR > session keys in RAM. That makes sense. I didn't realize delivery receipts were wrapped up in that, but it makes sense to reuse that vs rolling your own inside OTR. Probably chatsecure is doing this better than other clients; I tend to use OTR more with Adium and pidgin, just because I don't tend to xmpp on my phone.
signature.asc
Description: PGP signature
_______________________________________________ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
