[Freedombox-discuss] OTR in the freedombox: [Was: Re: Follow up to the FreedomBox 'bump/hi-five' challenge]
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri Jun 24 00:22:19 UTC 2011
On 06/23/2011 07:13 PM, Kevin Steen wrote:
> I may be misunderstanding how it works, but it seems the Off-The-Record
> (OTR) protocol could be useful here: Use QRCodes to exchange the Public
> Key and IP address of your FreedomBoxen, and they then have enough
> information to create a secure connection and authenticate the other
> end. (Encryption keys are created at connection time with OTR.)
OTR is a great protocol for repudiable, synchronous, private,
authenticated two-party discussion, and i agree that it (or something
like it) has a place in the freedombox.
But the exchange we're discussing here (whether we call it "bump",
"hi-five", or "ManusVexo") is about establishing asymmetric keys that
will anchor future communications.
the main distributed OTR implementation has its own mechanism for key
exchange which is different from this current proposal. OTR's so-called
"socialist millionaire protocol" (SMP) for key verification has some
nice properties, but relies on people already having a well-established
shared secret beforehand, as well as knowledge of each others'
identities, so it's solving a slightly different problem than the one
we're looking to solve.
But there's no reason that the OTR chat protocol (which is itself
distinct from SMP) couldn't make use of asymmetric keys distributed via
mechanisms other than SMP. That is, it would not be a big stretch (if
there were a reasonable, well-managed shared key+identity management
infrastructure on the freedombox) to go from a pre-existing ManusVexo
key exchange to authenticated OTR without needing SMP at all.
(conversely, i could see an argument where remote parties with
pre-existing knowledge of each others' identities and a strong shared
secret could use SMP to avoid needing an in-person "bump"-style
exchange. i think most people's estimations of what "strong shared
secret" means are more often flawed than not, so i'm reluctant to
encourage this, though)
Anyway, my point is: OTR is great. clean/simple in-person key exchange
is also great. They are not in conflict, nor do they solve the same
problem.
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20110623/29e90320/attachment.pgp>
More information about the Freedombox-discuss
mailing list