Hi! I realized I completely forgot to send the list the notes from the meeting we had in Valencia, Spain at the IFF (Internet Freedom Festival).
We've mostly discussed the OTR version 4 "design and specification". Participants in the discussion were (nickname alphabetical order): dgoulet, dkg, iang, infinity0, isis, olabini (if I forgot your name, very sorry, don't hesitate to fix :)

They are not very complete notes but at least they can trigger discussions. Also, if some stuff is incorrect or incomplete, please complement or/and correct.

So here are some points for the new protocol that were discussed:

---

== OTRv4 ==

- Kill SHA1 with fire and use SHA3.

- Ratcheting: use axolotl
  Ref: https://github.com/trevp/axolotl/wiki

- DAKE (Deniability AKE)
  Ref: https://cs.uwaterloo.ca/~iang/pubs/dake-ccs15.pdf
  - Proposal is being tested and written by Ian's student. O(weeks) before seeing something.
  - Free feature: offline message

- Have an unauthenticated encrypted channel at the very beginning of the data exchange. Use curve25519. One of the reasons is to never have a packet on the network that ain't encrypted or a key exchange. Useful?

- Algorithm agility is in the version protocol. Let's _NOT_ exchange ciphers list.

- We agree that ECC is an acceptable choice.

- No PQ for now, we'll rev. the version if we want it.

- Improve version rollback issues with v4. (Unfortunately, I do not have the specifics on this one in the notes :S)

---

The short term goal here is to write a specification using those decisions which can then be reviewed by the community and then start implementation.

Thanks!
David