4

In reading Glenn Greenwald's 2014 book No Place to Hide, one thing stood out to me as a bit odd. Greenwald details how Edward Snowden was insistent that Greenwald install PGP in order to communicate securely, but Snowden then later (before PGP-encrypted communication is available) agrees to talk over OTR-encrypted IM on an unspecified IM network. My boldface in the quote below; this is from page 17 in the hardcover edition. Any typos are likely to be my own.

I was uncertain what he had meant about "declining short-term travel": I had expressed confusion about why he was in Hong Kong but certainly hadn't refused to go. I chalked that up to miscommunication and replied immediately. "I want to do everything possible to be involved in this," I told him, suggesting that we talk right away on OTR. I added his user name to my OTR buddy list and waited.

Within fifteen minutes, my computer sounded a bell-like chime, signaling that he had signed on. Slightly nervous, I clicked on his name and typed "hello". He answered, and I found myself speaking directly to someone who I assumed had, at that point, revealed a number of secret documents about US surveillance programs and who wanted to reveal more.

The OTR key exchange is automated, and is supposed to be verified by confirming the key fingerprint, ideally out-of-band, in a manner that allows both parties to confirm who they are talking to (for example, over the phone by the parties recognizing each other's voices, or by means of a shared secret). But Snowden (quite likely with good reason) does not trust the communication channels -- e-mail, basically -- that he has available to Greenwald to not at least be monitored, and he probably wouldn't trust them to not be tampered with at least to some degree. Snowden doesn't actually share any documents before PGP-encrypted email is available (that is basically stated on pages 19-20, again in the hardcover edition), but this still seems to me to present a communications channel bootstrapping problem.

Assuming that they have had no previous contact, how would Snowden have been able to positively confirm that he was actually talking to Greenwald, and not someone else, or someone performing a man-in-the-middle attack?

user

2 Answers

1

Verifying a remote party's identity with OTR requires a shared secret (and therefore a prior secure means of sharing secrets) or knowledge of their fingerprint (and therefore a verifiable way to communicate fingerprints).

I'm not aware of any published account of what Snowden actually did in this particular case. One realistic possibility, though, is that he might have used a trusted third party to relay the necessary information. For example: both Snowden and Greenwald had by this point established secure communications with Laura Poitras - Snowden via PGP, as described in this article in The Intercept (which also explains in some detail how he verified her PGP fingerprint), and Greenwald via OTR, as he mentions a few paragraphs before the passage you quoted. He doesn't state how (or even whether) he and Poitras verified each other's identities, but they would not have had Snowden's difficulty: they had plenty of shared history on which an OTR question-and-answer verification might be based; or they could have verified fingerprints over the phone.

So with these secure channels already established, and assuming Snowden trusted Poitras, he could have asked her to send him Greenwald's OTR fingerprint by PGP encrypted/signed email.

John Morahan
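An added illustration, not part of the answer above: the check performed when a fingerprint arrives over an already-trusted channel, using the OTR v2/v3 rule that a DSA key's fingerprint is the SHA-1 of its serialized p, q, g, y. The toy key values and all function names are constructed for this example.

```python
import hashlib
import hmac

def mpi(n: int) -> bytes:
    """OTR MPI encoding: 4-byte big-endian length, then the minimal big-endian value."""
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(body).to_bytes(4, "big") + body

def otr_fingerprint(p: int, q: int, g: int, y: int) -> bytes:
    """SHA-1 over the serialized DSA public key; the 2-byte key type 0x0000 is omitted."""
    return hashlib.sha1(mpi(p) + mpi(q) + mpi(g) + mpi(y)).digest()

def human(fp: bytes) -> str:
    """Five groups of eight hex digits, the form people read aloud or paste."""
    h = fp.hex().upper()
    return " ".join(h[i:i + 8] for i in range(0, len(h), 8))

def parse_relayed(text: str) -> bytes:
    """Normalize a fingerprint received out of band; reject anything but 160 bits."""
    cleaned = "".join(text.replace(":", " ").split())
    if len(cleaned) != 40:
        raise ValueError("expected 40 hex digits")
    return bytes.fromhex(cleaned)  # raises ValueError on non-hex characters

def session_key_matches(session_key: tuple, relayed_text: str) -> bool:
    """Compare the key presented in the OTR session with the relayed fingerprint."""
    return hmac.compare_digest(otr_fingerprint(*session_key), parse_relayed(relayed_text))

# Constructed toy DSA parameters (far too small for real use), for illustration only.
P, Q, G = 23, 11, 4
GENUINE_KEY = (P, Q, G, pow(G, 3, P))       # key the intended contact really holds
INTERPOSED_KEY = (P, Q, G, pow(G, 7, P))    # key a man-in-the-middle would present

# What the trusted third party relays over the signed channel (case and spacing vary).
RELAYED = human(otr_fingerprint(*GENUINE_KEY)).lower()

if __name__ == "__main__":
    print("genuine session:   ", session_key_matches(GENUINE_KEY, RELAYED))
    print("interposed session:", session_key_matches(INTERPOSED_KEY, RELAYED))
```

The comparison only carries as much assurance as the channel that delivered the relayed fingerprint and the party who relayed it.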
0

OTR allows you to ask a question to authenticate the other user. So they could've asked a question which both of them would (only) know.

Grim Reaper
  • Such as what, considering that Greenwald had no idea who he was talking to and Snowden had exchanged no information that he could trust wouldn't be known by an adversary? – user May 25 '14 at 14:28
  • Greenwald could have asked a question which he was *sure* Snowden would know and vice versa? But, this is all just speculation... – Grim Reaper May 25 '14 at 14:39
  • "This is all just speculation" Exactly. I'm hoping for an authoritative answer, even if that answer is "without out of band knowledge, such establishment of identity is not possible with OTR" (though obviously preferably more fleshed out than that). – user May 25 '14 at 14:43