Title: The devil is in the detail: designing and implementing the 4th version of the Off-the-Record messaging protocol
Speaker: Sofia Celi, Cloudflare Inc
Date: September 10, Thursday
Time: 11:00 – 12:00 (Israel, UTC+03:00)
09:00 – 10:00 (UK, UTC+01:00)
04:00 – 05:00 (EDT, UTC-04:00)
18:00 – 19:00 (AEST, UTC+10:00)
Abstract: OTRv4 is the newest version of the Off-The-Record messaging protocol (OTR), where the newest academic research intertwines with practical real-world implementations. The reasoning for having a 4th version of OTR is to update the protocol to more well-defined security and privacy properties, to improve the usability of the protocol implementation, and to correctly prove its security claims.
On this talk, we will present a historical travel of where OTR comes from, why there is a need for this protocol, and why certain design decisions were made for it. As it has a newer version, we will also talk about what steps have been made to make its implementation more secure, how it has been proven, and what challenges lie ahead. We will further emphasize on this talk why designing and implementing this protocol (and similar ones) take time, as ‘the devil is in the detail’: in order to give a proper and secure implementation of OTR, we need to carefully analyze all the paths that the protocol can take.
Short bio: Sofía Celi is a cryptography researcher and implementer at Cloudflare.
She currently leads the design and implementation of OTRv4. She is also working on modelling deniability, strengthening the usability of cryptographic implementations and analyzing how digital tools are used to enhance gender-base violence.