[liberationtech] mod_require_otr in prosody
Ximin Luo
infinity0 at pwned.gg
Sun Feb 2 15:00:49 PST 2014
On 02/02/14 18:25, Nathan of Guardian wrote:
> On 02/02/2014 12:17 PM, Seth wrote:
>> On Sat, 01 Feb 2014 04:16:34 -0800, Eleanor Saitta <ella at dymaxion.org>
>> wrote:
>>
>>> Likewise, they mostly only support a single fingerprint per user,
>>> which vastly complicates use with multiple (mobile/desktop, for
>>> instance) clients.
>>
>> Are you aware of any OTR capable XMPP clients or OTR plugins which
>> currently _do_ support multiple fingerprints per user?
>
> ChatSecure for Android does. We store fingerprints based on the full
> JID, which includes the resource, meaning that:
>
> nathan at guardianproject.info/chatsecure
> nathan at guardianproject.info/pidgin
>
> can have unique verified fingerprints.
>
I don't think this approach is useful, see http://sourceforge.net/p/otr/bugs/24/
When I validate a key I am validating it against an *identity* and not a device. It is not an attack if my friend moves the key from one device to another.
> In our work documenting the various keystore formats for our KeySync
> project, I know that we came across a few other apps that do this as
> well, at least in theory.
>
> +n
>
--
GPG: 4096R/1318EFAC5FBBDBCE
git://github.com/infinity0/pubkeys.git
More information about the liberationtech
mailing list