Replying to JeffG

E2EE DMs are coming to Nostr 🔒

After being nerd sniped by hearing nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8 mention OTR for the millionth time on the Bitcoin Review podcast, I spent the last few weeks digging into OTR, the Signal protocol, and a grab-bag of other cryptography.

The end result is that I (am pretty sure at least) found a way to do E2EE (end-to-end encrypted) DMs on Nostr in a way that is both forward and post-compromise secure AND doesn't require any centralized servers.

Demo video: https://share.cleanshot.com/nMKk6cn0

Live demo app: https://drdm-demo.vercel.app

And finally, the NIP (for those of you with bikes in need of a shed): https://github.com/nostr-protocol/nips/pull/1206

Huge thanks to nostr:npub1klkk3vrzme455yh9rl2jshq7rc8dpegj3ndf82c3ks2sk40dxt7qulx3vt and nostr:npub1l2vyh47mk2p0qlsku7hg0vn29faehy9hy34ygaclpn66ukqp3afqutajft for the chats while I worked out the details.

Fwiw, OTR doesn't require servers. Just 2 clients, i.e. endpoints, and a pair of long-term keys. The rest is handled by the protocol.

Discussion

To be more accurate: you would need some "prework" to be available only if you cannot afford to wait for the protocol to establish the secure session. So if someone you never spoke to isn't online, but you need to send a message *immediately*, then yes, you would need to access that "prework", e.g. a profile somewhere, for it to be the initial input for establishing the secure session immediately.