[guardian-dev] OTR file transfer

Hans-Christoph Steiner hans at guardianproject.info
Mon Jun 3 12:03:21 EDT 2013



On 06/03/2013 11:52 AM, Georg Lukas wrote:
> * Abel Luck <abel at guardianproject.info> [2013-06-03 17:19]:
>> There are two proposed mechanisms
>>
>> 1) XMPP+OTR: In-band byte streams using XEP-0047 with the symmetric key
>> being derived from OTRv4 TLV8
> 
> AES256-CTR with HMAC-SHA512. What are the reasons for using CTR versus
> the other modes, its support of arbitrary payload length? Anything else?
> 
> How is the CTR nonce derived / communicated to the other party?
> 
> How is the use of OTR for the file transfer communicated during handshake?
> 
> How does the other party obtain the HMAC value?
> 
>> 2) Pure OTR: A new TLV essentially providing in-band bytestreams at the
>> OTR layer
> 
> I am not quite convinced by the second approach. From the client
> implementation perspective, that means all the file transfer logic needs
> to be done twice: once for regular insecure XEP-0096, and once again for
> file-transfer over OTR... Or maybe even a third time for Jingle file
> transfers... Even with the right internal abstractions this looks like a
> layer break to me... With the first approach, it would be possible to
> switch to a different transmission mechansim (OOB, Jingle) later on,
> e.g. to preserve bandwidth.

The problem is that the XEP-0047 method is not fully end-to-end private.  The
server will obviously and distinctly see XEP-0047 traffic as file transfer and
not chat.  Doing it in OTR in combination with randomized padding and
quantized OTR packet sizes (to powers of two or whatever) means that it is
relatively easy to support file transfer in a way to that looks like chat
traffic, and also cannot be independently filtered or blocked from chat messages.

.hc

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 939 bytes
Desc: OpenPGP digital signature
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20130603/81da3303/attachment.pgp>


More information about the Guardian-dev mailing list