February 20, 2005
In short, OTR gives paranoid instant messagers authenticated secrecy and repudiation. According to the authors, this is perfect for the paranoid chatter who wants to engage in casual conversations online, wants to keep them secret, but wants to be able to deny their contents if necessary.
It works by generating a shared secret that is used both to 'sign' and to encrypt the messages. The shared secret is generated using a version of Diffie-Hellman. As each message is 'signed' with the shared secret and not with the private key of the sender, there are at all times two people who know the shared secret. Hence they trust each other, but they cannot use the conversation to prove legally what the other said.
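The repudiation property described above, as an added example that is not part of the original post or of OTR's own code: both parties derive the same MAC key from a Diffie-Hellman exchange, so a tag that convinces the receiver could equally have been computed by the receiver. The toy group, the key derivation and all function names are assumptions made for illustration, and the sketch leaves out the encryption step and the authentication of the key exchange itself.

```python
import hashlib
import hmac
import secrets

# Toy group for illustration only (assumption): p = 2^255 - 19 is prime, g = 2.
# Real deployments use a vetted, larger Diffie-Hellman group.
P = 2**255 - 19
G = 2


def dh_keypair():
    """Return (private exponent, public value g^x mod p)."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)


def mac_key(own_private, peer_public):
    """Derive the shared MAC key from the Diffie-Hellman shared secret."""
    shared = pow(peer_public, own_private, P)
    return hashlib.sha256(b"mac" + shared.to_bytes(32, "big")).digest()


def tag(key, message):
    """Authenticate a message with the shared key (a MAC, not a signature)."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key, message, mac):
    """Constant-time check that mac is the tag of message under key."""
    return hmac.compare_digest(tag(key, message), mac)


def demo():
    a_priv, a_pub = dh_keypair()   # Alice
    b_priv, b_pub = dh_keypair()   # Bob
    k_alice = mac_key(a_priv, b_pub)
    k_bob = mac_key(b_priv, a_pub)

    # Alice sends a message; Bob verifies it, so Bob is convinced it is hers.
    sent = b"meet at noon"
    bob_accepts = verify(k_bob, sent, tag(k_alice, sent))

    # Bob holds the same key, so he can tag text Alice never wrote. A third
    # party shown a transcript cannot tell which of the two produced a tag.
    forged = b"text Alice never wrote"
    forged_verifies = verify(k_alice, forged, tag(k_bob, forged))
    return k_alice == k_bob, bob_accepts, forged_verifies
```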
Neat. But useful? Maybe. OK, so the protocol is repudiable, and if the keys are disposed of in a proper manner it is also confidential. At least if you don't store a chat history. Even if you can legally repudiate what was in a transcript, I sense that if you leaked confidential information this way, hiding behind repudiation is a somewhat weak defence.
Interesting question: does anyone know if this "new protocol" differs radically from what SecWay has implemented in their Secure Instant Messaging Protocol product, more specifically in the Authenticated mode?

Posted by ludvig at February 20, 2005 11:36 PM