[opensource-dev] Encrypted chat & third-party servers

[Aidan Thornton]

On 8/25/10, Brian McGroarty <soft at lindenlab.com> wrote:
> Has anyone spent time looking at the encrypted chat feature included in some
> third-party viewers? It's my understanding that this contacts third-party
> servers in obtaining and validating keys. Is that correct? If so, do these
> connections share any information about the user that we should require to
> be disclosed per section 4.b of the TPV Policy?[1]

I haven't looked too closely at the encrypted chat in Emerald and
similar viewers, but my understanding is that it - and all the other
third-party viewers - use OTR in a fairly standard way. OTR is
deliberately designed not to use any third party server to obtain or
validate keys - instead, it provides a way for pairs of OTR users to
validate each other's keys directly with each other[2]. All
communication happens over the underlying IM protocol, in this case
Second Life IMs.

Unless someone's really screwed up the implementation in one of the
viewers, OTR should have no interesting privacy implications
whatsoever. OTR keys are designed to be per-account (so provide no way
of matching up alts) and the encryption scheme used carefully avoids
non-repudiation; that is, neither party can use it to prove what the
other said to a third party after the fact any more than they could
with plain-text IMs. It's basically pretty benign.

[1] NMF.
[2] Specifically, it uses the Socialist Millionaire Protocol to verify
the keys, using a piece of information that only the two people know.
See http://en.wikipedia.org/wiki/Socialist_millionaire - note that
neither the secret answer nor any information that could usefully help
to determine it is ever shared with the other party!