[hannesm]

[author of jackline here] interesting idea, but since I'm not willing to audit all the other xmpp clients, I won't import any OTR private keys. I'm willing to import trusted fingerprints of contacts, though.

also, imho people should get used to key rollover / revocation / renewals, rather than pretending that you have a life-long key.

[mike-cardwell]

It's not that I want to keep a key for a long time, it's that I have several different clients and I want to share whatever key I'm currently using across them. That way I only have to stick the fingerprint of one OTR key on my business cards.

[hannesm]

why not then print a shared secret on your business card, and use the socialist millionaires problem (https://en.wikipedia.org/wiki/Socialist_millionaire)?

edited, added some explanation: (since there's a time span between handing out your card and verifying the FP, in which your key might have get compromised... and thus the one who received the card cannot verify whether you really got compromised and needed to update your key, or an attacker intercepted with a new key)...