[cryptography] why did OTR succeed in IM?
stpeter at stpeter.im
Sat Mar 23 12:51:03 EDT 2013
-----BEGIN PGP SIGNED MESSAGE-----
On 3/23/13 7:36 AM, Ben Laurie wrote:
> On 23 March 2013 09:25, ianG <iang at iang.org> wrote:
>> Someone on another list asked an interesting question:
>> Why did OTR succeed in IM systems, where OpenPGP and x.509 did
> Because Adium built it in?
In the early Jabber days, we had OpenPGP support in several clients
such as Gabber, Psi, and WinJab. Although such clients could have
created special-purpose PGP keys, in practice the perception was that
OpenPGP was "hard", that people would use existing keys, that Aunt
Tillie would never have a PGP key, etc. It didn't help that (IIRC)
GnuPG made some breaking API changes or somesuch around 2001 that
annoyed various Jabber client developers.
When we standardized the core Jabber protocol as XMPP at the IETF in
2003-2004, the working group settled on using X.509 for various
not-so-good reasons related to IETF politics at the time, resulting in
the monstrosity known as RFC 3923. (And we all know how well
client-side X.509 certificates have worked out.)
IMHO, there are three main reasons why OTR succeeded:
1. It worked across all IM systems.
2. It was relatively friendly for end users, compared to OpenPGP and
3. It was built into the most popular open-source IM clients (Pidgin
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
-----END PGP SIGNATURE-----
More information about the cryptography