Encryption: No one else can read your instant messages.
Authentication: You are assured the correspondent is who you think it is.
Deniability: The messages you send do not have digital signatures that are checkable by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is assured the messages he sees are authentic and unmodified.
Perfect forward secrecy: If you lose control of your private keys, no previous conversation is compromised.
The deniability is the most interesting. Normally PKI is semi-permanent and everyone knows you by your signature, made with the private key that only you control. But here it looks like disposable private keys: https://otr.cypherpunks.ca/Protocol-v3-4.1.1.html My question is how does Alice know who Bob is? It seems as though they first need a traditional PKI solution to authenticate, then they can use this to send messages. Of course the traditional solution could use a yubikey (hardware private key) handed off in person.
Thank you for that review.