Hello everyone! The OTR-inspired and end-to-end secure Yabasta protocol has received a significant update today. You can see the updated protocol at <https://github.com/jonkri/yabasta-protocol/>.
The protocol now supports a higher degree of anonymity than it did before. The public key is no longer automatically transferred in the authenticated key exchange (as is the case with the Off-the-Record protocol). Instead, the key exchange only exposes a signature. Users can then perform various identity verification actions (such as "challenges") to increase their trust in the remote peer before they reveal their public key. This is done so that clients can choose to consider their public keys a secret credential, and not automatically reveal their public keys to an active man-in-the-middle attacker. The protocol has also been made more flexible. Clients can now configure things like what prime numbers to use for the Diffie-Hellman calculations, as well as what cryptographic and signing algorithms to use. Other updates include a separation between the abstract method and the actual protocol implementation, various clean-ups, and additional explanations to make the document easier to understand. Feedback is more than welcome! :-) Thanks! Jon Kristensen
