Off-the-Record Messaging Protocol version 3 Initial version approved by the Council.
The Off-the-Record messaging protocol (OTR) is widely layered on top of
XMPP to provide end-to-end encryption. Current use of the protocol is
described in &xep0364;. OTR provides its own discovery mechanism in which
it sends messages with special whitespace characters to indicate support.
While this works when initializing a session, there is no way to query a
client for support and to know in advance that a particular version of
OTR is supported. This specification aims to solve that by providing an
in-band mechanism for discovering OTR support in XMPP.
It should be noted that newer, more secure encryption protocols exist for
XMPP, and that new implementations of OTR are discouraged. This protocol
is primarily intended to solve issues with existing implementations of
OTR.
If an entity supports OTR it MUST advertise the fact by returning a
feature of 'urn:xmpp:otr:0' &VNOTE; in response to a &xep0030; information
request. This indicates support for OTRv3 as defined by &otr3;.
If older versions of OTR are required, they may be discovered out of band
using OTRs built in mechanism which is beyond the scope of this document.
Because OTR support is advertised outside of any end-to-end encrypted
stream, it may be subject to downgrade attacks (eg. the server operator
may remove OTR from the features list).
This document requires no interaction with the Internet Assigned Numbers
Authority (IANA).
This specification defines the following XML namespaces:
The ®ISTRAR; shall include the foregoing namespaces in its disco
features registry as defined in &xep0030;.