Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] mod_require_otr in prosody

Ximin Luo infinity0 at pwned.gg
Sun Feb 2 15:00:49 PST 2014


On 02/02/14 18:25, Nathan of Guardian wrote:
> On 02/02/2014 12:17 PM, Seth wrote:
>> On Sat, 01 Feb 2014 04:16:34 -0800, Eleanor Saitta <ella at dymaxion.org>
>> wrote:
>>
>>> Likewise, they mostly only support a single fingerprint per user,
>>> which vastly complicates use with multiple (mobile/desktop, for
>>> instance) clients.
>>
>> Are you aware of any OTR capable XMPP clients or OTR plugins which
>> currently _do_ support multiple fingerprints per user?
> 
> ChatSecure for Android does. We store fingerprints based on the full
> JID, which includes the resource, meaning that:
> 
> nathan at guardianproject.info/chatsecure
> nathan at guardianproject.info/pidgin
> 
> can have unique verified fingerprints.
> 

I don't think this approach is useful, see http://sourceforge.net/p/otr/bugs/24/

When I validate a key I am validating it against an *identity* and not a device. It is not an attack if my friend moves the key from one device to another.

> In our work documenting the various keystore formats for our KeySync
> project, I know that we came across a few other apps that do this as
> well, at least in theory.
> 
> +n
> 

-- 
GPG: 4096R/1318EFAC5FBBDBCE
git://github.com/infinity0/pubkeys.git



More information about the liberationtech mailing list