Hello, I've become another happy developer who has the pleasure of implementing OTR-based software. I've managed to get a few simple use cases working (persistent/verified key pairs in the key store, sending/receiving of simple messages, SMP authentication, ...) and I've been wondering ever since whether I should also use OTR for ciphering or stick with authentication only.
I've been working on a p2p communication client for a while and, as you can imagine, in such an environment it is hard to predict the order of delivery, basically to predict delivery at all. According to this blog post: https://whispersystems.org/blog/advanced-ratcheting it would seem that I'm doomed. The author had implemented a "double ratchet" algorithm presented here: https://github.com/trevp/double_ratchet/wiki but as far as I know, no attempt has been made to "backport" it to libotr. However, when I tried some basic use cases like "send (encrypt) messages 1, 2, 3" and "receive (decrypt) 3, 2, 1" or "receive (decrypt) 3, 1" within a session, there wasn't any problem. Right now I don't care about forward secrecy, I'm happy to have one session per user pair forever.

So my questions would be:

1. In what scenarios does OTR fail when it comes to the order of delivery? Am I safe during a session at least?
2. If the session is safe, what do I have to store to be able to renew the session later? Is there an API for this? (I'm using the otr4j implementation, btw)
3. Are there plans to include the double ratchet algorithm in OTR?
4. And generally, is it a good idea to use the OTR cipher in p2p environments?

Thank you for your insight.
_______________________________________________
OTR-dev mailing list
OTR-dev@lists.cypherpunks.ca
http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
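A simplified model of the OTRv3 key-id bookkeeping behind question 1, added here as an illustration and not code from otr4j or libotr: each side keeps only its two most recent DH keys, so a reordered message stays readable as long as the key pair it names has not yet been rotated out. String labels stand in for real DH keys and the per-key-pair counter is left out.

```python
from dataclasses import dataclass, field

@dataclass
class Message:
    sender_keyid: int     # which of the sender's keys was used (the peer already holds it)
    recipient_keyid: int  # which of the recipient's keys was used
    next_dh: str          # sender's newest public key, advertised for the next rotation
    body: str

@dataclass
class Party:
    name: str
    peer: str
    our: dict = field(default_factory=dict)    # keyid -> our key (labels stand in for DH keys)
    their: dict = field(default_factory=dict)  # keyid -> peer's key
    our_keyid: int = 2    # after the AKE both sides hold keyid 1 and pre-generate keyid 2
    their_keyid: int = 1

    def __post_init__(self):
        self.our = {1: self.name + "1", 2: self.name + "2"}
        self.their = {1: self.peer + "1"}

    def send(self, body):
        # Encrypt under our previous key (already acknowledged by the peer) and the peer's
        # newest key, advertising our newest key so the peer can ratchet forward.
        return Message(self.our_keyid - 1, self.their_keyid, self.our[self.our_keyid], body)

    def receive(self, msg):
        if msg.sender_keyid not in self.their or msg.recipient_keyid not in self.our:
            return None  # that key pair was already erased: the message can no longer be read
        if msg.recipient_keyid == self.our_keyid:   # peer holds our newest key: rotate ours
            self.our_keyid += 1
            self.our[self.our_keyid] = self.name + str(self.our_keyid)
            self.our.pop(self.our_keyid - 2, None)  # keep only the two most recent
        if msg.sender_keyid == self.their_keyid:    # peer moved to its newest key: adopt next_dh
            self.their_keyid += 1
            self.their[self.their_keyid] = msg.next_dh
            self.their.pop(self.their_keyid - 2, None)
        return msg.body

def reordered_within_session():
    # Three messages sent back-to-back, delivered 3, 2, 1: no rotation in between, all readable.
    a, b = Party("A", "B"), Party("B", "A")
    msgs = [a.send(f"m{i}") for i in (1, 2, 3)]
    return [b.receive(m) for m in reversed(msgs)]

def delayed_past_the_ratchet():
    # A message delayed across a round trip plus one more message: both keys it names
    # have been discarded (forward secrecy) by the time it arrives, so it is undecryptable.
    a, b = Party("A", "B"), Party("B", "A")
    delayed = a.send("delayed")
    b.receive(a.send("hi"))       # Bob learns A2
    a.receive(b.send("hello"))    # Alice rotates to A3 (drops A1), learns B2
    b.receive(a.send("again"))    # Bob rotates to B3 (drops B1), learns A3 and drops A1
    return b.receive(delayed)     # -> None: keys (A1, B1) are gone on Bob's side
```

The OTRv3 data message also carries a counter per key pair; an implementation that rejects a counter lower than the last one it saw (replay protection) would refuse a reordered message even while its keys are still held, which this model does not show.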