<br><br><div class="gmail_quote">2013/7/27 Ian Goldberg <span dir="ltr"><<a href="mailto:ian@cypherpunks.ca" target="_blank">ian@cypherpunks.ca</a>></span><br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid">
<div class="im">On Sat, Jul 27, 2013 at 08:23:51PM +0200, Randolph D. wrote:<br>
> Dear Nathan<br>
> thanks for the update, i am not advanced with OTR. I just try to understand<br>
> both, how the encryption of GoldBug works and how ORT is sending it. One<br>
> Point was, that you send your message always to ONE Server, e.g. Jabber /<br>
> XMPP Server.<br>
> With a Echo Server from GoldBug E*MPP you send the message to 3-4 Servers<br>
> parallel, so the missunderstanding of the question was not to send it in<br>
> sequence. I just think with the new EMPP Server model, which sends out<br>
> redundancy to 3-4 Servers at the same time. When my friend has my key, and<br>
> i send it over a jabber server, this route can be mapped.<br>
> When I connect to several jabber Servers, and I would modify OTR to send it<br>
> to 4 jabber Servers, would the Destination then get the message several<br>
> times? Or just once or would the Connection be dropped, as I have no<br>
> Account at the other jabber Servers?<br>
> Ok, that was the thought in regard to EMPP and XMPP Comparison.<br>
> As I see, OTR is a plugin, now the tought to integrate the echo sever<br>
> protocol, then you send our your message either over jabber and as well<br>
> over E*MPP and the Destination with the same plugin would be able to get<br>
> it, either over echo and/or over jabber.<br>
><br>
> The thing is: of course you can send the OTR (or as well GoldBug)<br>
> encryption over a jabber server.<br>
> And of course you can send OTR over GoldBug. In case this is done, you need<br>
> no accounts at jabber server anymore. You would be free.<br>
<br>
</div>I have a hard time understanding what you're trying to ask.<br>
<br>
To be precise, OTR is a message format and protocol. pidgin-otr is the<br>
plugin for the Pidgin IM client that implements the protocol. Lots of<br>
other IM clients implement the OTR protocol using their own mechanisms.<br>
<br>
OTR is intended to be transport-agnostic, so long as the transport<br>
delivers messages in order. (On the theory that having an IM<br>
conversation will make no sense if messages are delivered out of order.<br>
Hopefully the Goldbug protocol has sequence numbers, or something like<br>
that, to order messages correctly when they're sent via disparate paths?)<br>
*Reliable* delivery is not assumed, however; if the underlying IM<br>
network drops messages, your OTR messages will similarly be dropped.<br>
Indeed, if the underlying IM network reorders messages, the only badness<br>
that happens is that the OTR messages may also get dropped.<br>
<br>
If the underlying IM network sends lots of copies of the OTR messages<br>
(say via different servers), only one will be displayed to the received,<br>
and the rest will be dropped as duplicates.<br>
<br>
Does that answer your question? If not, can you be more precise about<br>
your question?<br></blockquote><div> </div><div>Dear Ian</div><div>yes i understand it not better and if we can think together about the Option I can write some sentences still:</div><div> </div><div>The question is, if OTR can send Messages from GoldBug over OTR and the second question is, if OTR Messages could be send over the GoldBug.</div>
<div> </div><div>I read that e.g. for Google it is possible to send encrypted Messages over a Goggle-to-Google user Connection.</div><div>But... when there is only encryption sent, the admins will drop that.</div><div>So my question is, - IF OTR implements the GoldBug Kernel (spot-on-kernel from libspoton) - and sends the message as well over Google (and second) as well over the GoldBug/Spot Network, then the user will get this message in any case, even if a Chat Partner Connection is dropped or not allowed. So in this case you send the OTR Message over the echo protocol (so is it called for GoldBug / libspoton). All you need is to run the Kernel binary of libspoton as an E*MPP server. </div>
<div> </div><div>Second, now the other way round, would it be possible, that a GoldBug Message is sent to OTR, then transferred over Google to Google user. and in case the recipient has as well the OTR-E*MPP Hybrid Api installed, it would be possible to decrypt that GoldBug Message.</div>
<div> </div><div>The Echo Protocol with an E*MPP Chat Server as kernel in a hybrid OTR allows then to be more flexible and would add a multilayer of encryption to both. Furthermore it would provide GoldBug an Api for e.g. Pidgin, when OTR can READ and accept GoldBug Messages.</div>
<div> </div><div>So the simple Research question is: USER A -> OTR -> PIDGIN -> PIDGIN -> OTR -> USER B can be transformed to</div><div> </div><div>USER A -> GOLDBUG -> OTR -> PIDGIN -> PIDGIN -> OTR -> GOLDBUG - > USER B</div>
<div> </div><div>(this could be used as a dedicated line in GoldBug, so called HALF Echo connection)</div><div> </div><div>If we then switch to an example, to use several jabber Servers in sequence, it would spread the message - if the FULL echo (= not ONE dedicated connection line) would be used - PARALLEL to several servers.</div>
<div> </div><div>This would help people in censored environments and fit with the plausible deiability of OTR, as GoldBug has this as well for a Web of Trust (WoT) build on the p2p Network of libspoton. See Homepage of <a href="http://Goldbug.sf.net">Goldbug.sf.net</a> for more Details.</div>
<div> </div><div>So many new ideas. If that could be thought, the idea would be to create in OTR an API to the E*MPP Echo Kernel and then GoldBug could deploy it or vice versa.</div><div> </div><div>What do you think? Too complex?</div>
<div><br>Kind Regards </div><div> </div><div> </div></div>