From rabbi at abditum.com Tue Mar 4 13:22:40 2008 From: rabbi at abditum.com (Len Sassaman) Date: Tue, 4 Mar 2008 10:22:40 -0800 (PST) Subject: [OTR-dev] daemon-only? In-Reply-To: References: Message-ID: The first few versions of OTR-proxy were commandline-only. I actually liked that better than this one -- very few people verify keys anyway, and for warnings, you could always insert the warning message into the IM itself as OTR does already. (As for the UI sucking, I agree. I've had on my todo list a native Cocoa app built with Interface Builder for the Mac, and something better then wxWidgets for everything else, but, I'm busy. However, I can give pointers from feedback from the HCI group here if anyone else wants to take this on.) The best fix would be to make OTR-proxy unnecessary, though. Lobbying the chat client authors to include native OTR support as Adium as done would be good. Trillian has expressed willingness (though it seems to be low priority). I think all but AOL/Apple/Microsoft/Google could probably be persuaded. (Which unfortunately still leaves a need for a good OTR-proxy. I'll try to make that a higher priority.) --Len. On Wed, 6 Feb 2008, alex black wrote: > hey all, > > is there a daemon-only version of otrproxy? I think it would be pretty > easy to do this from the commandline, and then I wouldn't have to keep > a window running all the time (which would reduce memory consumption..) > > any opinions? > > best, > > _alex > > > -- > alex black, founder > the turing studio, inc. > > 510.666.0074 > root at turingstudio.com > http://www.turingstudio.com > > 800 jones street > berkeley, ca 94710 > > > > _______________________________________________ > OTR-dev mailing list > OTR-dev at lists.cypherpunks.ca > http://lists.cypherpunks.ca/mailman/listinfo/otr-dev > --Len. From jwn2 at ucsd.edu Tue Mar 4 13:54:01 2008 From: jwn2 at ucsd.edu (John W Noerenberg II) Date: Tue, 4 Mar 2008 10:54:01 -0800 Subject: [OTR-dev] daemon-only? In-Reply-To: References: Message-ID: At 10:22 AM -0800 3/4/08, Len Sassaman wrote: >The first few versions of OTR-proxy were commandline-only. I actually >liked that better than this one -- very few people verify keys anyway, and >for warnings, you could always insert the warning message into the IM >itself as OTR does already. > >(As for the UI sucking, I agree. I've had on my todo list a native Cocoa >app built with Interface Builder for the Mac, and something better then >wxWidgets for everything else, but, I'm busy. I have a similar problem. :-) >However, I can give pointers from feedback from the HCI group here >if anyone else wants to take this on.) Marshall Clow and I have compiled a list of things we'd like to change, but any feedback you want to send our way would be useful. The general plan is to create a daemon controlled by user preferences that would be managed separately. Ideally the daemon could handle more IM services than just AIM - but there are well known obstacles here. :-) > >The best fix would be to make OTR-proxy unnecessary, though. Lobbying the >chat client authors to include native OTR support as Adium as done would >be good. Since the protocol is essentially the same regardless of the IM service, I'd hate to see clients for each service have to implement the protocol. That feels like unnecessary duplication to me. >(Which unfortunately still leaves a need for a good OTR-proxy. >I'll try to make that a higher priority.) Same here. -- john noerenberg ---------------------------------------------------------------------- Statt des t?richten Ignorabimus hei?e im Gegenteil unsere L?sung: Wir m?ssen wissen, Wir werden wissen. -- David Hilbert, "Logic and the Understanding of Nature, Sep 1930 ---------------------------------------------------------------------- From rabbi at abditum.com Tue Mar 4 13:58:39 2008 From: rabbi at abditum.com (Len Sassaman) Date: Tue, 4 Mar 2008 10:58:39 -0800 (PST) Subject: [OTR-dev] daemon-only? In-Reply-To: References: Message-ID: On Tue, 4 Mar 2008, John W Noerenberg II wrote: > Since the protocol is essentially the same regardless of the IM > service, I'd hate to see clients for each service have to implement > the protocol. That feels like unnecessary duplication to me. I think there's a clear need for a BSD-licensed OTR library, which would take care of that issue. From mehmet.muhtar at gmail.com Tue Mar 4 19:09:16 2008 From: mehmet.muhtar at gmail.com (mehmet muhtar) Date: Wed, 5 Mar 2008 02:09:16 +0200 Subject: [OTR-dev] Identity Based Encryption plug-in based on OTR Message-ID: Hello guys, I really am sorry if this is not the place, but I have to get an answer about this issue since this is my graduation project. I am assigned to design an IBE (Identity Based Encryption) plug-in for Pidgin and I'm wondering whether this can be done with some modifications to OTR plug-in. Since libgcrypt does not provide IBE engine, my question is, what specifications should a library have to be a library which can be used with Pidgin like libgcrypt is used? Long story short, can the following libraries be imported, or used with Pidgin? http://www.shamus.ie/ available for download @ ftp://ftp.computing.dcu.ie/pub/crypto/miracl.zip http://crypto.stanford.edu/pbc/ available for download @ http://crypto.stanford.edu/pbc/download.html Since i got you code guru guys here, just one more quick question, can executable files be manipulated within Pidgin ? Speaking of IBE encryption, I have 4 phases of IBE encryption ready to roll as win32 console applications (setup, extract, encrypt, decrypt), is there a way to make Pidgin plug-in code command these executables and receive feedback from them ? Let's just say, like very simple, decrypt message using the exe, return the decrypted message etc. Please don't leave me unresponded, as I was left at Pidgin-dev mail list, because I'm desperately seeking for help. Thanks in advance for reading guys, greets. -------------- next part -------------- An HTML attachment was scrubbed... URL: From mehmet.muhtar at gmail.com Wed Mar 5 16:51:47 2008 From: mehmet.muhtar at gmail.com (mehmet muhtar) Date: Wed, 5 Mar 2008 23:51:47 +0200 Subject: [OTR-dev] Identity Based Encryption plug-in based on OTR In-Reply-To: References: Message-ID: Sorry guys if this is a repost, I somehow did not receive a confirmation on sent mail. Hello guys, I really am sorry if this is not the place, but I have to get an answer about this issue since this is my graduation project. I am assigned to design an IBE (Identity Based Encryption) plug-in for Pidgin and I'm wondering whether this can be done with some modifications to OTR plug-in. Since libgcrypt does not provide IBE engine, my question is, what specifications should a library have to be a library which can be used with Pidgin like libgcrypt is used? Long story short, can the following libraries be imported, or used with Pidgin? http://www.shamus.ie/ available for download @ ftp://ftp.computing.dcu.ie/pub/crypto/miracl.zip http://crypto.stanford.edu/pbc/ available for download @ http://crypto.stanford.edu/pbc/download.html Since i got you code guru guys here, just one more quick question, can executable files be manipulated within Pidgin ? Speaking of IBE encryption, I have 4 phases of IBE encryption ready to roll as win32 console applications (setup, extract, encrypt, decrypt), is there a way to make Pidgin plug-in code command these executables and receive feedback from them ? Let's just say, like very simple, decrypt message using the exe, return the decrypted message etc. Please don't leave me unresponded, as I was left at Pidgin-dev mail list, because I'm desperately seeking for help. Thanks in advance for reading guys, greets. -------------- next part -------------- An HTML attachment was scrubbed... URL: From zenadsl6186 at zen.co.uk Wed Mar 5 19:03:54 2008 From: zenadsl6186 at zen.co.uk (Peter Fairbrother) Date: Thu, 06 Mar 2008 00:03:54 +0000 Subject: [OTR-dev] Identity Based Encryption plug-in based on OTR In-Reply-To: References: Message-ID: <47CF34EA.8010001@zen.co.uk> mehmet muhtar wrote: > Sorry guys if this is a repost, I somehow did not receive a confirmation > on sent mail. > > Hello guys, > I really am sorry if this is not the place, but I have to get an answer > about this issue since this is my graduation project. > I am assigned to design an IBE (Identity Based Encryption) plug-in for > Pidgin I think that one if the reasons why responses have been lacking is because there is a philosophical conflict: OTR is all about the user retaining control of his communications and keys. while IBE is necessarily [1] about centralised key control and administration. But I don't know enough about the OTR libraries to answer you anyway. [1] unless you have invented something new in IBE - if anyone is interested, perhaps one of Ian students?, I have a small suggestion and no time to work on it. -- Peter Fairbrother From fredrik.normann.junk at gmail.com Wed Mar 5 19:31:59 2008 From: fredrik.normann.junk at gmail.com (fredrik normann) Date: Wed, 5 Mar 2008 22:31:59 -0200 Subject: [OTR-dev] OTR, python and emesene plugin Message-ID: Hey, I'm trying to make a otr plugin for the msn clone, http://emesene.org. I found some code on the forum of emesene that maybe could be of use, but I'm not sure how up-to-date it's and it's a bit hard for me to port the c-code of the pidgin plugin over to python... I may be taking a bit too much water over my head, but isn't that the way you learn to swim? :) Any inputs or help on how to proceed would be nice. -fredrik-normann- -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: otr2-py.tar.gz Type: application/x-gzip Size: 8177 bytes Desc: not available URL: From ian at cypherpunks.ca Wed Mar 5 19:48:43 2008 From: ian at cypherpunks.ca (Ian Goldberg) Date: Wed, 5 Mar 2008 19:48:43 -0500 Subject: [OTR-dev] Identity Based Encryption plug-in based on OTR In-Reply-To: References: Message-ID: <20080306004843.GE5786@yoink.cs.uwaterloo.ca> > I think that one if the reasons why responses have been lacking is > because there is a philosophical conflict: OTR is all about the user > retaining control of his communications and keys. while IBE is > necessarily [1] about centralised key control and administration. > > But I don't know enough about the OTR libraries to answer you anyway. > > > [1] unless you have invented something new in IBE - if anyone is > interested, perhaps one of Ian students?, I have a small suggestion and > no time to work on it. One of my students and I have actually implemented IBE with a distributed PKG, so that some threshold number of PKG nodes would have to collude to recover your private key. Agreed that it doesn't make much sense in the IM context, though, as you've necessarily got an interactive communication channel over which you can do key exchange. http://www.cacr.math.uwaterloo.ca/techreports/2007/cacr2007-33.pdf - Ian