cobratbq closed 5 years ago
Too much of an implementation detail.
Just to clarify here: all data is significant in the Client Profile. The only optional fields are the transitional signature and the DSA key. All other data must be present. The Client Profile has to be published always.
I won't bother you with the long answer. In short, I understand completely. What I was considering was the data transferred between the chat application and the OTR library, such that the OTR library can handle the critical parts w.r.t. signing, profile validity/expiration/publication. I closed the issue because it felt like the comment was too strictly coupled to my own implementation choices. Hence not too relevant in general.
It may be useful to make a distinction between the data that is significant as part of the ClientProfile and the data that is important for the signed profile "payload". Most fields are relevant to the profile, but it seems to me that the Client Profile Expiration is only really useful for the signed payload. When handling data in the client, one can internally manage the data without the expiration date and only when a (renewed) signed profile is required do we need to add a timestamp that we can determine at that time.