1
0
mirror of https://github.com/moparisthebest/xeps synced 2024-11-25 02:32:18 -05:00

Be less harsh to OTR :P

This commit is contained in:
Paul Schaub 2020-03-08 13:07:09 +01:00
parent 94067ef61d
commit 9932fd4433
No known key found for this signature in database
GPG Key ID: 62BEE9264BF17311

View File

@ -80,12 +80,13 @@
<p> <p>
There are two main end-to-end encryption schemes in common use in the XMPP There are two main end-to-end encryption schemes in common use in the XMPP
ecosystem, Off-the-Record (OTR) messaging (&xep0364;) and OpenPGP ecosystem, Off-the-Record (OTR) messaging (&xep0364;) and OpenPGP
(&xep0027;). OTR has significant usability drawbacks for inter-client (&xep0027;). Older OTR versions have had significant usability drawbacks for inter-client
mobility. As OTR sessions exist between exactly two clients, the chat mobility. As OTR sessions existed between exactly two clients, the chat
history will not be synchronized across other clients of the involved history would not be synchronized across other clients of the involved
parties. Furthermore, OTR chats are only possible if both participants are parties. Furthermore, OTR chats were only possible if both participants were
currently online, due to how the rolling key agreement scheme of OTR online at the same time, due to how the rolling key agreement scheme of OTR
works. OpenPGP, while not suffering from these mobility issues, does not worked. Some of those problems have been addressed in OTRv4.
OpenPGP, while not suffering from these mobility issues, does not
provide any kind of forward secrecy and is vulnerable to replay attacks. provide any kind of forward secrecy and is vulnerable to replay attacks.
Additionally, PGP over XMPP uses a custom wireformat which is defined by Additionally, PGP over XMPP uses a custom wireformat which is defined by
convention rather than standardization, and involves quite a bit of convention rather than standardization, and involves quite a bit of