Is the OpenPGP model still useful?

Aaron Toponce aaron.toponce at gmail.com
Fri Apr 29 14:14:35 CEST 2011


On Thu, Apr 28, 2011 at 05:05:06PM +0200, Michel Messerschmidt wrote:
> Sounds very much like Off-the-Record messaging for every kind of
> communication. Or is there a difference I have missed?

The OTR protocol still uses proper authentication, it's just that the
messages aren't signed, thus allowing the user to deny creating the message
if needed. However, for an OTR session to begin, you must authenticate that
the person you are speaking is with, is the one you wish to communicate.
This is handled through the socialist millionaires protocol, and every OTR
client should have SMP properly developed.

--
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 527 bytes
Desc: Digital signature
URL: </pipermail/attachments/20110429/bbcc59be/attachment-0001.pgp>


More information about the Gnupg-users mailing list