integrating OTR keys into PGP key

Hans-Christoph Steiner hans at at.or.at
Wed Nov 2 15:02:02 CET 2011


On Nov 2, 2011, at 9:54 AM, Daniel Kahn Gillmor wrote:

> On 11/02/2011 01:35 AM, Hans-Christoph Steiner wrote:
>> 
>> As part of the Guardian Project, I am starting work on a 6 month project
>> around keeping keys in sync across phone and laptop and am currently
>> thinking about extending gnupg to handle OTR keys. I've talked a bit
>> with DKG about it, and I am beginning to think that this is a possible
>> workable approach for us. Things are still in the exploratory phase, so
>> things are somewhat vague, including use cases and threat models.
>> 
>> Right now, I am interested in people's opinion on how useful, feasible,
>> and how much time it would take to integrate IM accounts and OTR keys
>> into PGP keys, working towards the idea that the PGP key becomes the
>> central repository of digital identity.
> 
> fwiw, i don't think that gnupg is the thing that would need to be
> extended here -- it's more that OTR would need to be able to fetch and
> store keys in gnupg's keyring, rather than maintaining its own keystore.
> (for both secret key material of the OTR operator, as well as for
> public key and identity material of the operator's peers).

That's fully expected, I plan to tackle adding support for this in both Pidgin and Adium.

> gnupg already permits quite a bit of flexibility in terms of what it can
> do, so i think the bulk of work in this project would be extending and
> integrating the key management capabilities for OTR.

Is there any built-in assumption that user accounts will be in email address form?  IM handles are not always in that form for services that are not XMPP/Jabber.  Can you point me towards where to start for including OTR keys in my PGP key?

Another aspect of this project is the possibility of keeping the private key in sync between two machines.

.hc


----------------------------------------------------------------------------

There is no way to peace, peace is the way.       -A.J. Muste





More information about the Gnupg-devel mailing list