From ian at cypherpunks.ca Fri Dec 3 10:21:46 2004 From: ian at cypherpunks.ca (Ian Goldberg) Date: Fri, 3 Dec 2004 10:21:46 -0500 Subject: [OTR-announce] 0.9.1 online Message-ID: <20041203152146.GG2278@smtp.paip.net> 0.9.1 is online. I've figured out how to build .deb files, so one of those is online, too. [I assume Paul will build the .rpm; I'll get that up when he does.] - Ian Changelog: - Clicking "OTR: Private" when you're already private will display an info dialog letting you know the connection was refreshed (assuming it actually is; if the other side isn't running OTR at all, the dialog doesn't show, and if the other side had lost its private connection, a new one will be established, with the "new private connection" dialog displayed to each side (as before)). - The toolip for "OTR: Private" is now "Refresh the private connection". - "make install" now depends on "make all". - Added man page for OTR toolkit programs - Log a debug message when we receive and discard a heartbeat - Fixed the Makefiles so that "make clean" also removes the binaries - Fixed the Makefiles so that they install into DESTDIR - Added packaging/debian From ian at cypherpunks.ca Wed Dec 8 19:46:57 2004 From: ian at cypherpunks.ca (Ian Goldberg) Date: Wed, 08 Dec 2004 19:46:57 -0500 Subject: [OTR-announce] gaim-otr-0.9.9rc1 online Message-ID: 0.9.9rc1 is up. This is a release candidate for 1.0. Please bang on it. Paul's kindly donated a mirror site: http://www.xelerance.com/mirror/otr/ With luck, even if we eventually get /.ed, it'll hold up better than my 1M ADSL line at home. ;-) Changelog: - Removed the 100 private connection limit, by not using a fixed amount of secure memory. Unfortuantely, this means that *no* memory is pinned any more, but pinning only ever happened before in the unlikely event you ran gaim as root. - Changed the "Private connection with (username) refreshed" dialog at Paul's request so that it's no longer in "scary" "evil" bold, and rephrased it so it's less likely to be misread as "refused" instead of "refreshed". ;-) - We now send heartbeats (OTR Data Messages with an empty message part) once a minute, to anyone we're confident is still online. If both sides are doing this, then keys get rotated regularly, even if one or both sides aren't actively typing. This aids perfect forward secrecy. - Fixed a bug wherein multi-person chat windows would get the OTR button in their button bar if the OTR plugin was enabled when one of them was active. Links: http://www.cypherpunks.ca/otr/ http://www.cypherpunks.ca/otr/gaim-otr-0.9.9rc1.tar.gz http://www.cypherpunks.ca/otr/gaim-otr_0.9.9rc1-1_i386.deb http://www.cypherpunks.ca/otr/gaim-otr-0.9.9rc1-1.i386.rpm http://www.cypherpunks.ca/otr/gaim-otr-0.9.9rc1-1.src.rpm Thanks! - Ian From ian at cypherpunks.ca Fri Dec 10 15:40:40 2004 From: ian at cypherpunks.ca (Ian Goldberg) Date: Fri, 10 Dec 2004 15:40:40 -0500 Subject: [OTR-announce] 0.9.9rc2 is up Message-ID: I've redesigned the web page (http://www.cypherpunks.ca/otr/). Please send comments. (And additions for the FAQ.) Changes: - Found and fixed a nasty bug that was tickled if you were OTRing to people on Jabber and AIM at the same time. (And maybe in some other situations.) - Heartbeats now only get sent if (1) we have just received a message, and (2) we haven't sent one to that user in over a minute. That way, we don't try to send a message to someone to may be offline (and thus end up with an annoying error dialog). Have at it! - Ian From ian at cypherpunks.ca Sun Dec 12 18:27:39 2004 From: ian at cypherpunks.ca (Ian Goldberg) Date: Sun, 12 Dec 2004 18:27:39 -0500 Subject: [OTR-announce] 1.0.0 is here! Message-ID: Woohoo! Just a minor UI issue fixed: - OTR button now gets sensitized and desensitized along with the other buttons in the conversation window when you log in and out of accounts. We'll send in a /. blurb tomorrow. Thanks to all the beta-testers! Now: on to the show! :-) - Ian From ian at cypherpunks.ca Tue Dec 14 17:42:31 2004 From: ian at cypherpunks.ca (Ian Goldberg) Date: Tue, 14 Dec 2004 17:42:31 -0500 Subject: [OTR-announce] 1.0.1 online Message-ID: Changes suggested by Gregory Maxwell : - Added a more sensible error message in the event that we receive our own OTR Key Exchange messages. This means either we're talking to ourselves, or someone is reflecting our messages back to us. - This should be considered an experimental feature: If we're about to send a plaintext message to a correspondent for whom we've got a fingerprint, append a special (whitespace) OTR tag sequence. The other side (if in fact running OTR) will recognize it and start a Key Exchange. But if he replies without starting a Key Exchange, stop appending the whitespace. That first message will still go in the clear, of course, and this will only work if both ends support it (i.e. upgrade to this version) http://www.cypherpunks.ca/otr/ for the source, deb, or rpm versions. Particularly, I'd like to know what you think of the whitespace thing. - Ian From ian at cypherpunks.ca Tue Dec 21 14:48:44 2004 From: ian at cypherpunks.ca (Ian Goldberg) Date: Tue, 21 Dec 2004 14:48:44 -0500 Subject: [OTR-announce] OTR 1.0.2 is online Message-ID: I've put 1.0.2 online. Changes: * If a Man-in-the-Middle steals both Alice's and Bob's DSA private keys, he can perform a birthday attack to try to get his session id with each end to match. Since the session id was only 64 bits long, his work was only 2^32, which is not enough. We now make the session id the whole SHA-1 hash, instead of truncating it, to protect against even this unlikely scenario. * Made otr_sesskeys output the calculated public key as well, for added ease of forging messages when you don't know any plaintext. deb's and rpm's are there, too. http://www.cypherpunks.ca/otr/ - Ian