[jitsi-dev] OTR key management


#1

Hi devs,

*Situation*: Jitsi saves _one_ otr-key per user.
*Problem*: Users often have one key per device. Every time a user uses a
device with a different key and is authenticated, the other key is
overwritten.

*Proposal*: Change the key-management in a way that multiple keys can be
saved.

Sadly this is a stopper for me before permanently being able to switch
to jitsi.

Stephan

···

--
Stephan Heidinger
PGP-Key: 6853A18E
http://www.jedipedia.net


#2

In the IRC foukus_f just told me this was already discussed [0]. There
is mention of a ticket for this, which I was not able to find in trac.

···

On 01.09.2014 10:50, Stephan Heidinger wrote:

Hi devs,

*Situation*: Jitsi saves _one_ otr-key per user.
*Problem*: Users often have one key per device. Every time a user uses a
device with a different key and is authenticated, the other key is
overwritten.

*Proposal*: Change the key-management in a way that multiple keys can be
saved.

Sadly this is a stopper for me before permanently being able to switch
to jitsi.

Stephan

[0]: http://lists.jitsi.org/pipermail/dev/2013-January/001115.html

--
Stephan Heidinger
PGP-Key: 6853A18E
http://www.jedipedia.net

You see a funny file "signature.asc" attached to this email and don't
know what to do with it? Encrypt your mails using PGP:
http://en.wikipedia.org/wiki/Pretty_Good_Privacy


#3

Yes, we are aware of it. I am not aware of anyone currently having the time to work on it though so if you know anyone interested, now would be the time to ping them.

Emil

···

On 01.09.14, 12:00, Stephan Heidinger wrote:

In the IRC foukus_f just told me this was already discussed [0]. There
is mention of a ticket for this, which I was not able to find in trac.

On 01.09.2014 10:50, Stephan Heidinger wrote:

Hi devs,

*Situation*: Jitsi saves _one_ otr-key per user.
*Problem*: Users often have one key per device. Every time a user uses a
device with a different key and is authenticated, the other key is
overwritten.

*Proposal*: Change the key-management in a way that multiple keys can be
saved.

Sadly this is a stopper for me before permanently being able to switch
to jitsi.

Stephan

[0]: http://lists.jitsi.org/pipermail/dev/2013-January/001115.html

--
https://jitsi.org


#4

Hello all,

It's been a while! :slight_smile:
Just noticed this topic.

Problem*: Users often have one key per device. Every time a user uses a
device with a different key and is authenticated, the other key is
overwritten.

Last time I checked, Jitsi was storing a list of verified key fingerprints
for every contact. So the problem you describe should be fixed in the
latest nighly.

Or are there any changes on the OTR plugin that I'm not aware of?

Best regards,
Marin

···

On Tue, Sep 2, 2014 at 3:21 PM, Emil Ivov <emcho@jitsi.org> wrote:

Yes, we are aware of it. I am not aware of anyone currently having the
time to work on it though so if you know anyone interested, now would be
the time to ping them.

Emil

On 01.09.14, 12:00, Stephan Heidinger wrote:

In the IRC foukus_f just told me this was already discussed [0]. There
is mention of a ticket for this, which I was not able to find in trac.

On 01.09.2014 10:50, Stephan Heidinger wrote:

Hi devs,

*Situation*: Jitsi saves _one_ otr-key per user.
*Problem*: Users often have one key per device. Every time a user uses a
device with a different key and is authenticated, the other key is
overwritten.

*Proposal*: Change the key-management in a way that multiple keys can be
saved.

Sadly this is a stopper for me before permanently being able to switch
to jitsi.

Stephan

[0]: http://lists.jitsi.org/pipermail/dev/2013-January/001115.html

--
https://jitsi.org

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev


#5

Last time I checked, Jitsi was storing a list of verified key fingerprints
for every contact. So the problem you describe should be fixed in the
latest nighly.

Ok, I can verify this with the nightlies. Thats even better than having
to find a way (-:

···

--
Stephan Heidinger
PGP-Key: 6853A18E
http://www.jedipedia.net

You see a funny file "signature.asc" attached to this email and don't
know what to do with it? Encrypt your mails using PGP:
http://en.wikipedia.org/wiki/Pretty_Good_Privacy