You get _complete_ immunity to passive attackers and to dragnet data collection/archival invisibly and ~costlessly. (Well, there are some glitches with OTR and multiple logins on some chat networks which are only solved in the latest protocol versions, but on the flipside OTR also gives you transparent message splitting.)
You also get active attackers which are afraid of being potentially detected and thus fail to attack for free.
And you get these things without inadvertently attaching cryptographically non-reputable authentication to your messages which may have consequences you don't expect or don't understand, or via non-ephemerally keyed cryptography (almost all SSL usage) which creates incentives for attackers to steal your systems in order to decrypt conversations in the past.
Importantly, with OTR and unlike other popular cryptographic security schemes the difficulty of getting something _better_ than immunity to passive attacks, dragnet data collection, and active attackers afraid of detection doesn't prevent you from getting all of those useful properties.
Authentication is a sticky wicket in all cases. What does it even mean to be talking to a particular person? This can't be done for free, and certainly can't be done well for free. OTR makes _secure_ (e.g. not what the CA infrastructure really provides, since anyone that can fake some letterhead can usually get certs for you) authentication cheaper than almost any other system, and that's about the most you can ask for.
Posted Jul 31, 2012 23:30 UTC (Tue) by nix (subscriber, #2304)
cryptographically non-reputable authentication
Do you mean 'non-repudiatable' here? They are quite different :)
Martin: Off the Record Messaging: A Tutorial
Posted Aug 1, 2012 0:43 UTC (Wed) by gmaxwell (subscriber, #30048)
HAH. Browser spellcheck reflex fail. (I wonder what percentage of messages could be eliminated if we could edit these things for simple copyediting…)