[guardian-dev] OTR file transfer

Hans-Christoph Steiner hans at guardianproject.info
Mon Jun 3 10:42:50 EDT 2013



On 06/03/2013 07:57 AM, Nathan of Guardian wrote:
> On 06/03/2013 12:55 AM, Miron Cuperman wrote:
>> For now, my plan is to implement data transfer within OTR.  The
>> advantages include not depending on XMPP and being easier to implement.
> I am excited about the innovation-side of this, and the applications
> beyond XMPP, as you mention.
> 
>>
>> We can look at XEP-0047 in a future phase.
>>
>> Does this sound fine, or are there strong reasons to do XEP-0047?
> The reason to implement the XEP is interoperability with other clients.
> If we could push the use of OTR for symmetric key generation, and then
> XEP47 for file transfer encrypted using that key, as a "best practices"
> that would be good for all.
> 
> I feel like the OTR based implementation will be seen as a "cool hack",
> but since it is not a standard, we may have a hard time getting others
> to support it.

I agree with all the points here.  We should support the standard way of doing
things in Gibberbot, and interoperability is definitely important.  But I
still think we should be implementing the OTR file transfer first, especially
because Miron said doing it in OTR is less work than implementing XMPP XEP-0047.

While this OTR file transfer is not standard, it clearly provides key benefits
over XEP-0047 with OTR TLV8 in terms of anonymity (the server knows quite a
bit less about what's happening).  If it works well, then we can propose to
make it part of the official OTR spec in TLV9 (or whatever number).  This is
in line with Guardian Project's mission to take on the high risk research
aspects of the development.  Plus once it's in otr4j, it shouldn't be hard to
get it into Jitsi, Xabber, etc.

That said, if it was easier at this point to implement XEP-0047, I would
support doing that first.

.hc