Is the OpenPGP model still useful?
aaron.toponce at gmail.com
Fri Apr 29 14:14:35 CEST 2011
On Thu, Apr 28, 2011 at 05:05:06PM +0200, Michel Messerschmidt wrote:
> Sounds very much like Off-the-Record messaging for every kind of
> communication. Or is there a difference I have missed?
The OTR protocol still uses proper authentication, it's just that the
messages aren't signed, thus allowing the user to deny creating the message
if needed. However, for an OTR session to begin, you must authenticate that
the person you are speaking is with, is the one you wish to communicate.
This is handled through the socialist millionaires protocol, and every OTR
client should have SMP properly developed.
. o . o . o . . o o . . . o .
. . o . o o o . o . o o . . o
o o o . o . . o o o o . o o o
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 527 bytes
Desc: Digital signature
More information about the Gnupg-users