Martin: Off the Record Messaging: A Tutorial
Posted Jul 31, 2012 17:59 UTC (Tue) by dkg
In reply to: Martin: Off the Record Messaging: A Tutorial
Parent article: Martin: Off the Record Messaging: A Tutorial
This "handshake" is only necessary the first time you communicate with someone else from your client. After a successful completed handshake, the clients on both sides cache their peers' public keys, and can re-establish communications confidently for future sessions.
Where this falls down, of course, is when one of the parties changes clients (or, worse, connects from a new client each time).
Key management is hard. Unfortunately, key management is also necessary for a cryptosystem to work with regular humans. Having a well-integrated historical keystore is a minor risk (compromised local software gets a list of all your past contacts!) coupled with a major advantage (you can exchange communications in confidence with anyone you've communicated with successfully in the past).
OTR does a pretty decent job of key management within its domain.
to post comments)