Support for TLV record Type 8

[mikrosk]

As seen in https://otr.cypherpunks.ca/Protocol-v3-4.1.1.html:

OTR version 3 defines an additional symmetric key that can be derived by the communicating parties to use for application-specific purposes, such as file transfer, voice encryption, etc. When one party wishes to use the extra symmetric key, he or she creates a type 8 TLV attached to a Data Message (see above).

Is there a plan to include this useful feature in otr4j?

[cobratbq]

I looked into this some time ago. It is not hard to implement, and indeed I did most if not all of the work already. However, I know of no application anywhere in any language that uses this feature.

Furthermore, TLV type 8 is only a sort of "signal" to notify the client on the other side to start using the extra symmetric key that can be derived from the session's secret. However, it is not completely clear on how we do this, and there is no implementation to match it to. For example, do we add additional information to the type 8 TLV that explains how or what to use the extra symmetric key for. Do we send TLV type 8 with the first data packet? ... and already have the packet symm. encrypted? Or do we send it while establishing the out-of-band communication session? Do we include extra information in the TLV type 8 packet, for example the address on which to establish the symm. encrypted communication?

I'd love to see some example(s) or have some standardization on how it should be used.

If you're interested to try it out, I have a branch from a year or so ago where I've implemented most of this, although I wasn't able to test any of it due to lack of another client. (Testing only against own client is not as reliable.) Please see branch https://github.com/cobratbq/otr4j/tree/tlv8 (It has fallen a bit behind because of recent improvements.)

[mikrosk]

Thank you for such a detailed answer. I'm hardly a crypto expert, even less an OTR one, so I can't help you here unfortunately. It's just I'd like to have a symmetric key backed by the session's secret in my messenger and this seemed like an elegant way (didn't want to use two different crypto stacks/libs).

Aren't you in touch with the otr people on their mailing list? (https://otr.cypherpunks.ca/index.php#lists) Perhaps you could ask the question in a more sophisticated way than I would. :-)

[cobratbq]

Well, actually, I haven't done so yet. And I have no good reason for why not. I may still do this, once I have some time. Also, any examples of how this feature is used by other OTR-enabled apps are very welcome.