by cyphar 3641 days ago
If you don't need PFS (which you should need) then you can use DH to create the shared key you use for the HMAC. Maybe you could even do an original OTR-like ratchet scheme (only change the key once the recipient shows that they are using the new key) to get PFS. But in principle if you assume that key distribution is "solved" then you can implement the unique parts of OTR.
1 comments
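A sketch of the scheme cyphar describes, added here as an illustration and not code from the thread, from OTR or from Axolotl: finite-field Diffie-Hellman (RFC 3526 group 14, generator 2) derives an HMAC key, and a ratchet retires a party's old DH key only after the peer has demonstrably used the newly advertised one, so earlier MAC keys cannot be recomputed from later state. The first public keys are assumed to arrive through whatever key distribution is taken as "solved"; the names `Party`, `derive`, `demo`, the header layout and the 256-bit exponent size are my own choices; delivery is assumed in order (a real implementation keeps a small window of recent keys).

```python
import hashlib
import hmac
import secrets

# RFC 3526 group 14 (2048-bit MODP), generator 2. P is a safe prime, so the
# subgroup generated by 2 has prime order Q = (P - 1) // 2.
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2
Q = (P - 1) // 2


def keygen():
    """Fresh DH key pair; a 256-bit exponent is conventional for this group (assumption)."""
    priv = 2 + secrets.randbelow(1 << 256)
    return priv, pow(G, priv, P)


def check_pub(pub):
    """Reject degenerate keys and keys outside the prime-order subgroup."""
    if not 2 <= pub <= P - 2 or pow(pub, Q, P) != 1:
        raise ValueError("invalid DH public key")


def derive(priv, pub):
    """HMAC key from the DH shared secret (HKDF-extract style with SHA-256)."""
    check_pub(pub)
    shared = pow(pub, priv, P).to_bytes(256, "big")
    return hmac.new(b"ratchet-demo-mac-key", shared, hashlib.sha256).digest()


def encode_header(header):
    return b"".join(k.to_bytes(256, "big") for k in header)


class Party:
    """One endpoint. Header = (my key in use, peer key I used, my next advertised key)."""

    def __init__(self):
        self.priv, self.pub = keygen()            # key the peer currently addresses
        self.next_priv, self.next_pub = keygen()  # advertised, not yet used by the peer
        self.their_pub = None                     # newest key the peer has advertised
        self.retired = set()                      # public halves of deleted private keys
        self.last_key = None                      # MAC key of the last message sent (demo only)

    def send(self, plaintext):
        mac_key = derive(self.priv, self.their_pub)
        header = (self.pub, self.their_pub, self.next_pub)
        tag = hmac.new(mac_key, encode_header(header) + plaintext, hashlib.sha256).digest()
        self.last_key = mac_key
        return header, plaintext, tag

    def receive(self, msg):
        header, plaintext, tag = msg
        sender_pub, used_pub, sender_next_pub = header
        if used_pub == self.pub:
            priv = self.priv
        elif used_pub == self.next_pub:
            priv = self.next_priv
        else:
            raise ValueError("message addressed to a key we no longer hold")
        mac_key = derive(priv, sender_pub)
        expected = hmac.new(mac_key, encode_header(header) + plaintext, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            raise ValueError("bad MAC")
        # OTR-style rule: retire the old key only once the peer shows it uses the new one.
        if used_pub == self.next_pub:
            self.retired.add(self.pub)
            self.priv, self.pub = self.next_priv, self.next_pub
            self.next_priv, self.next_pub = keygen()
        check_pub(sender_next_pub)
        self.their_pub = sender_next_pub  # use the peer's newest key for our next send
        return plaintext


def bootstrap():
    """Initial key exchange, assumed to come from trusted key distribution."""
    alice, bob = Party(), Party()
    alice.their_pub, bob.their_pub = bob.pub, alice.pub
    return alice, bob


def demo():
    """Four alternating messages; returns plaintexts, MAC keys and retired-key counts."""
    alice, bob = bootstrap()
    transcript = [(alice, bob, b"hi bob"), (bob, alice, b"hi alice"),
                  (alice, bob, b"still there?"), (bob, alice, b"yes")]
    keys, got = [], []
    for sender, receiver, text in transcript:
        got.append(receiver.receive(sender.send(text)))
        keys.append(sender.last_key)
    return got, keys, len(alice.retired), len(bob.retired)


def tamper_detected():
    """A modified plaintext must fail the HMAC check."""
    alice, bob = bootstrap()
    header, _, tag = alice.send(b"meet at noon")
    try:
        bob.receive((header, b"meet at nine", tag))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(demo(), tamper_detected())
```

Each round trip moves one side's key forward, so the four messages use four different MAC keys and the private halves behind the first key are gone from both parties after message three. The subgroup check in `check_pub` is what keeps a peer from handing over a small-order element to force a guessable shared secret; only integrity is shown here, since the comment is about the HMAC key, and a real protocol would derive separate encryption and MAC keys from the shared secret.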

I'm not sure. You're saying the format and message standards of PGP for providing machine-readable signed keys aren't worth anything, because you can just memorize some base64-coded secrets and run with them?

That's how you'd prefer to bootstrap secure communication with a journalist, or for recruiting people to demonstrate against the current regime in Egypt?

> But in principle if you assume that key distribution is "solved" then you can implement the unique parts of OTR.

How can it make sense to think of it as solved? How do you backup your keys? Your list of trusted keys? Protect them against theft? Alert others to their compromise? Get alerted when keys are compromised?

Key distribution really is the only truly interesting problem in secure, trusted communication (with secure one-time pads, most problems go away; the trick is to make sure you have secure one-time pads, shared only with the person(s) you want to communicate with...).

Public key encryption opens up some new ways to make the problem easier, but it's just one step in the right direction.

My point was that if PGP were suitable for "usable" encryption (which is the whole point of this program), then you could use the same key distribution methods but use Axolotl.