Iván Pazmiño edited this page Jul 30, 2015 · 4 revisions

Off-the-Record Messaging Protocol version 3

This document describes version 3 of the Off-the-Record Messaging protocol. The main changes over version 2 include:

  • Both fragmented and unfragmented messages contain sender and recipient instance tags. This avoids an issue on IM networks that always relay all messages to all sessions of a client who is logged in multiple times. In this situation, OTR clients can attempt to establish an OTR session indefinitely if there are interleaving messages from each of the sessions.
  • An extra symmetric key is derived during AKE. This may be used for secure communication over a different channel (e.g., file transfer, voice chat).

Very high level overview

OTR assumes a network model that provides in-order delivery of messages, but in which some messages may not get delivered at all (for example, if the user disconnects). There may be an active attacker, who is allowed to perform a Denial of Service attack, but not to learn the contents of messages.

  1. Alice signals to Bob that she would like (using an OTR Query Message) or is willing (using a whitespace-tagged plaintext message) to use OTR to communicate. Either mechanism should convey the version(s) of OTR that Alice is willing to use.

  2. Bob initiates the authenticated key exchange (AKE) with Alice. Versions 2 and 3 of OTR use a variant of the SIGMA protocol as their AKE.

  3. Alice and Bob exchange Data Messages to send information to each other.
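
The version signalling in step 1, as an added example that is not part of the original page or of any OTR implementation: it extracts the versions advertised by a query message or whitespace tag and picks the highest one also supported locally. The query and tag formats are taken from the published OTR version 3 specification rather than from this overview, and the function names are hypothetical.

```python
import re

# Formats follow the published OTR version 3 specification (assumption:
# they are not spelled out in this overview).
QUERY_RE = re.compile(r"\?OTR(\??)(?:v([0-9A-Za-z]*)\?)?")
TAG_BASE = "\x20\x09\x20\x20\x09\x09\x09\x09\x20\x09\x20\x09\x20\x09\x20\x20"
TAG_VERSIONS = {
    "\x20\x09\x20\x09\x20\x20\x09\x20": 1,
    "\x20\x20\x09\x09\x20\x20\x09\x20": 2,
    "\x20\x20\x09\x09\x20\x20\x09\x09": 3,
}


def advertised_versions(message: str) -> set:
    """Return the OTR versions a query message or whitespace tag offers."""
    versions = set()
    for m in QUERY_RE.finditer(message):
        v1, rest = m.group(1), m.group(2)
        if not v1 and rest is None:
            continue  # "?OTR:" data or "?OTR Error:" message, not a query
        if v1:
            versions.add(1)  # a bare "?" after "?OTR" offers version 1
        # Unknown version characters (e.g. "x") are ignored, not rejected.
        versions.update(int(c) for c in (rest or "") if c.isdigit())
    at = message.find(TAG_BASE)
    if at != -1:
        pos = at + len(TAG_BASE)
        # Zero or more 8-byte version tags follow the 16-byte base tag.
        while message[pos:pos + 8] in TAG_VERSIONS:
            versions.add(TAG_VERSIONS[message[pos:pos + 8]])
            pos += 8
    return versions


def choose_version(message: str, supported=(3, 2)):
    """Pick the highest locally supported version the peer offered, or None."""
    offered = advertised_versions(message)
    return next((v for v in sorted(supported, reverse=True) if v in offered), None)


if __name__ == "__main__":
    # Constructed sample messages.
    for sample in ("?OTRv23? Bob, want to talk privately?", "?OTR?", "?OTR:AAMD"):
        print(repr(sample), advertised_versions(sample), choose_version(sample))
```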