[cryptography] why did OTR succeed in IM?

Peter Saint-Andre stpeter at stpeter.im
Sat Mar 23 12:51:03 EDT 2013


On 3/23/13 7:36 AM, Ben Laurie wrote:
> On 23 March 2013 09:25, ianG <iang at iang.org> wrote:
>> Someone on another list asked an interesting question:
>> 
>> Why did OTR succeed in IM systems, where OpenPGP and x.509 did
>> not?
> 
> Because Adium built it in?

In the early Jabber days, we had OpenPGP support in several clients
such as Gabber, Psi, and WinJab. Although such clients could have
created special-purpose PGP keys, in practice the perception was that
OpenPGP was "hard", that people would use existing keys, that Aunt
Tillie would never have a PGP key, etc. It didn't help that (IIRC)
GnuPG made some breaking API changes or somesuch around 2001 that
annoyed various Jabber client developers.

When we standardized the core Jabber protocol as XMPP at the IETF in
2003-2004, the working group settled on using X.509 for various
not-so-good reasons related to IETF politics at the time, resulting in
the monstrosity known as RFC 3923. (And we all know how well
client-side X.509 certificates have worked out.)

IMHO, there are three main reasons why OTR succeeded:

1. It worked across all IM systems.

2. It was relatively friendly for end users, compared to OpenPGP and
X.509.

3. It was built into the most popular open-source IM clients (Pidgin
and Adium).

Peter

- -- 
Peter Saint-Andre
https://stpeter.im/



