Relevance of PGP?

[Tom Metro]

Mark Woodward wrote:
> OTR encrypts an IM TCP stream so that agents between the two end points 
> shouldn't be able to read the data.

Technically, I believe OTR encrypts the message, which then gets handed
off to the particular IM protocol, which in turn is transported via TCP.
I imagine there is a fair bit of data leakage in those intermediary
layers, such as identifying both parties in the conversation.

One can envision a more security oriented IM protocol where intercepting
a connection between a client and the server would expose nothing about
who the other client is (the interceptor would be able to identify the
IP of at least one client), and with the use of padding and no-op
messages you could also obscure the size and timing of your messages.

(Have you heard that encrypted voice streams that use a variable bitrate
codec (for example, Skype) can be decoded by mapping the pattern of data
bursts to English phrases?)

 -Tom

-- 
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/