From ian at cypherpunks.ca Wed Dec 1 12:03:18 2004
From: ian at cypherpunks.ca (Ian Goldberg)
Date: Wed, 1 Dec 2004 12:03:18 -0500
Subject: [OTR-users] gaim-otr 0.9.0 is now online
In-Reply-To: <4602.1101847529@marajade.sandelman.ottawa.on.ca>
References: <4602.1101847529@marajade.sandelman.ottawa.on.ca>
Message-ID: <20041201170318.GA2278@smtp.paip.net>

On Tue, Nov 30, 2004 at 03:45:29PM -0500, Michael Richardson wrote:
> >>>>> "Ian" == Ian Goldberg writes:
>     Ian> - If we receive a Data message with no actual message in it,
>     Ian> don't display it to the user. This may eventually be useful
>     Ian> for doing "heartbeat" key rotations.
>
> a) is there a debug option that would tell me this?
> b) can we count the heartbeats, and show that somewhere?

I'm not sure why the user would need to know about the heartbeats (short
of, if they stop coming, let the user know that the private connection
has been lost). Can you give a user scenario?

   - Ian

From mcr at marajade.sandelman.ottawa.on.ca Wed Dec 1 12:38:31 2004
From: mcr at marajade.sandelman.ottawa.on.ca (Michael Richardson)
Date: Wed, 01 Dec 2004 10:38:31 -0700
Subject: [OTR-users] gaim-otr 0.9.0 is now online
In-Reply-To: Message from Ian Goldberg of "Wed, 01 Dec 2004 12:03:18 EST." <20041201170318.GA2278@smtp.paip.net>
References: <4602.1101847529@marajade.sandelman.ottawa.on.ca> <20041201170318.GA2278@smtp.paip.net>
Message-ID: <10279.1101922711@marajade.sandelman.ottawa.on.ca>

>>>>> "Ian" == Ian Goldberg writes:

    Ian> - If we receive a Data message with no actual message in it,
    Ian> don't display it to the user. This may eventually be useful
    Ian> for doing "heartbeat" key rotations.

    >> a) is there a debug option that would tell me this? b) can we
    >> count the heartbeats, and show that somewhere?

    Ian> I'm not sure why the user would need to know about the
    Ian> heartbeats (short of, if they stop coming, let the user know
    Ian> that the private connection has been lost). Can you give a
    Ian> user scenario?

a) debugging.
b) I'm concerned about the heartbeats getting used in some fashion.
   (subliminal channel)
c) maybe I want to use it as a subliminal channel.

--
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [

From ian at cypherpunks.ca Thu Dec 2 11:09:10 2004
From: ian at cypherpunks.ca (Ian Goldberg)
Date: Thu, 2 Dec 2004 11:09:10 -0500
Subject: [OTR-users] gaim-otr 0.9.0 is now online
In-Reply-To: <10279.1101922711@marajade.sandelman.ottawa.on.ca>
References: <4602.1101847529@marajade.sandelman.ottawa.on.ca> <20041201170318.GA2278@smtp.paip.net> <10279.1101922711@marajade.sandelman.ottawa.on.ca>
Message-ID: <20041202160910.GB2278@smtp.paip.net>

On Wed, Dec 01, 2004 at 10:38:31AM -0700, Michael Richardson wrote:
> a) debugging.
> b) I'm concerned about the heartbeats getting used in some fashion.
>    (subliminal channel)
> c) maybe I want to use it as a subliminal channel.

Well, I'm still not totally clear on what use it is, but I've added a
call to gaim_debug_info() when we receive a heartbeat. You can view
those either by opening the Debug Window in gaim, or by running gaim
with the -d option.
   - Ian

From paul at cypherpunks.ca Wed Dec 8 20:30:45 2004
From: paul at cypherpunks.ca (Paul Wouters)
Date: Thu, 9 Dec 2004 02:30:45 +0100 (MET)
Subject: [OTR-users] Re: [OTR-announce] gaim-otr-0.9.9rc1 online
In-Reply-To:
References:
Message-ID:

On Wed, 8 Dec 2004, Ian Goldberg wrote:

> Paul's kindly donated a mirror site:
>
> http://www.xelerance.com/mirror/otr/

Two in fact, ftp://ftp.openswan.org/mirror/otr/ as well.
(two different servers, two different protocols, same bandwidth though :)

> With luck, even if we eventually get /.ed, it'll hold up better than my
> 1M ADSL line at home. ;-)

Not "if", "when" :)
I have 3 out of 7 submissions approved. They keep refusing to link to my
spam stats every year I suggest to them :) Other than that, my stuff gets
approved :)

> - Changed the "Private connection with (username) refreshed" dialog at
>   Paul's request so that it's no longer in "scary" "evil" bold, and
>   rephrased it so it's less likely to be misread as "refused" instead of
>   "refreshed". ;-)

I know. I am getting old. My pathways are becoming really deep :)

> - We now send heartbeats (OTR Data Messages with an empty message part)
>   once a minute, to anyone we're confident is still online. If both
>   sides are doing this, then keys get rotated regularly, even if one
>   or both sides aren't actively typing. This aids perfect forward
>   secrecy.

Why would you need to rotate the key if you do not send messages? Isn't
this just protecting against the last message being able to be read by one
compromised computer, assuming gaim is still running and a memory dump is
made? Or is this happening when one user sends plenty of messages and the
other doesn't send anything back?

I don't understand why the heartbeat is needed.

Oh, and you should set the reply-to: in mailman of the otr-announce list
to otr-users. And make sure listmembers cannot see the list of members
in mailman for all three lists.
Paul
--
Math is case-sensitive --- Ian Goldberg

From ian at cypherpunks.ca Thu Dec 9 07:06:55 2004
From: ian at cypherpunks.ca (Ian Goldberg)
Date: Thu, 9 Dec 2004 07:06:55 -0500
Subject: [OTR-users] Re: [OTR-announce] gaim-otr-0.9.9rc1 online
In-Reply-To:
References:
Message-ID: <20041209120655.GV816@smtp.paip.net>

[Can people also please look over the README and Protocol documents and
suggest things that need fixing/clarifying?]

On Thu, Dec 09, 2004 at 02:30:45AM +0100, Paul Wouters wrote:
> >- We now send heartbeats (OTR Data Messages with an empty message part)
> >  once a minute, to anyone we're confident is still online. If both
> >  sides are doing this, then keys get rotated regularly, even if one
> >  or both sides aren't actively typing. This aids perfect forward
> >  secrecy.
>
> Why would you need to rotate the key if you do not send messages? Isn't
> this just protecting against the last message being able to be read by one
> compromised computer, assuming gaim is still running and a memory dump is
> made? Or is this happening when one user sends plenty of messages and the
> other doesn't send anything back?
>
> I don't understand why the heartbeat is needed.

It's indeed that last bit: the perfect forward secrecy window (say, for
a message from Alice to Bob) lasts until Alice receives the next message
from Bob, and then Bob receives another one back from Alice. If only
one party is actually saying anything, then this window never closes,
and the encryption keys for really old messages are still in active use.
Using the "heartbeats", the windows close in a maximum of two minutes
(in the absence of an active attacker DOSing the heartbeats).

It's just an optimization; except for the size of the windows, nothing
should change if the heartbeats are or aren't sent.

> Oh, and you should set the reply-to: in mailman of the otr-announce list
> to otr-users. And make sure listmembers cannot see the list of members
> in mailman for all three lists.

Done.
   - Ian

From ian at cypherpunks.ca Mon Dec 13 09:13:53 2004
From: ian at cypherpunks.ca (Ian Goldberg)
Date: Mon, 13 Dec 2004 09:13:53 -0500
Subject: [OTR-users] Oh, the humanity! ;-)
Message-ID: <20041213141353.GA32029@smtp.paip.net>

Slashdot rejected Paul's post (appended below). Oh, well. Get the word
out in whatever way you can. (Blogs, whatever?) Feel free to just use
this text, if you wish. Or not.

   - Ian

Nikita Borisov and Ian Goldberg have released Off-the-Record Messaging,
an IM plugin for private communication providing not only the usual
encryption and authentication, but also deniability and perfect forward
secrecy. Deniability avoids digital signatures on messages (while
preserving authenticity and integrity), so there is no hard-to-deny
proof you wrote anything in particular; in fact, there is a toolkit to
help people forge messages, making it extra-hard to pin things on you.
Perfect forward secrecy means that your past messages and conversations
remain protected even if your keys are compromised. You can read the
OTR protocol description, download the source code for the gaim-otr
plugin, or grab a gaim-otr binary package for Debian or Fedora Core.

From gmaxwell at gmail.com Mon Dec 13 14:56:33 2004
From: gmaxwell at gmail.com (Gregory Maxwell)
Date: Mon, 13 Dec 2004 14:56:33 -0500
Subject: [OTR-users] Fantastic ... and a bug?
Message-ID:

I'm thrilled to find OTR, as it has exactly the cryptographic
properties I desire in a chat system... It would be nice if there was
a facility to authenticate OTR signature keys using GPG so users could
leverage an existing web-of-trust, but I guess that's easy enough to do
by hand.

Most of my aim using friends are windows (mostly gaim though), not
online, or center icq users.. so I haven't been able to test it yet,
but I did try establishing an OTR conversation with myself...
Whenever I transmit I get " ?OTR Error: You transmitted a malformed
data message"

I haven't looked at the source code, so I'll assume that OTR doesn't
already, but it might be useful from a privacy standpoint to insert
some amount of random padding in the messages to help disguise the
length of messages.

From ian at cypherpunks.ca Mon Dec 13 15:46:05 2004
From: ian at cypherpunks.ca (Ian Goldberg)
Date: Mon, 13 Dec 2004 15:46:05 -0500
Subject: [OTR-users] Fantastic ... and a bug?
In-Reply-To:
References:
Message-ID: <20041213204605.GQ816@smtp.paip.net>

On Mon, Dec 13, 2004 at 02:56:33PM -0500, Gregory Maxwell wrote:
> I'm thrilled to find OTR, as it has exactly the cryptographic
> properties I desire in a chat system...

Welcome! (I notice you haven't joined otr-announce; you should probably
do that.)

> It would be nice if there was
> a facility to authenticate OTR signature keys using GPG so users could
> leverage an existing web-of-trust, but I guess that's easy enough to do
> by hand.

That's what we figured, too; it only needs to be done once.

> Most of my aim using friends are windows (mostly gaim though), not
> online, or center icq users.. so I haven't been able to test it yet,

Paul is apparently Very Close to having OTR working on Windows gaim. ;-)

> but I did try establishing an OTR conversation with myself...
> Whenever I transmit I get " ?OTR Error: You transmitted a malformed
> data message"

Yeah, that's really unlikely to work (sending messages to yourself).
Unless you make more than one AIM account; I just tried that, and it
works fine in that case. In any event, I'm currently online as
"otr4ian" on AIM if you'd like to try it out.

> I haven't looked at the source code, so I'll assume that OTR doesn't
> already, but it might be useful from a privacy standpoint to insert
> some amount of random padding in the messages to help disguise the
> length of messages.
The protocol actually supports that (though that should be made clear in
the Protocol document): the cleartext message can be NUL-padded to any
length. But the plugin doesn't actually add any padding; it turns out
it's surprisingly difficult to statistically protect messages well via
random padding. Padding up to a fixed size is much better, but then you
need to choose a size that (a) will accommodate any message you're going
to send, (b) is within your pain tolerance of "wasteful", and (c) will
fit within the maximum size limits of IMs on various networks.

Thanks for your interest!

   - Ian

From paul at cypherpunks.ca Mon Dec 13 18:06:50 2004
From: paul at cypherpunks.ca (Paul Wouters)
Date: Tue, 14 Dec 2004 00:06:50 +0100 (MET)
Subject: [OTR-users] Fantastic ... and a bug?
In-Reply-To: <20041213204605.GQ816@smtp.paip.net>
References: <20041213204605.GQ816@smtp.paip.net>
Message-ID:

On Mon, 13 Dec 2004, Ian Goldberg wrote:

> Paul is apparently Very Close to having OTR working on Windows gaim. ;-)

Yes. My current state is:

- I've used Windows XP, and successfully compiled GAIM on it from source,
  using the mingw compiler and a minimum cygwin setup, as described on
  gaim's windows page.
- I've managed to compile libgpg-error on XP with mingw after going
  through tremendous DOS pains.
- I've setup a cross compile on Linux for the mingw cross compiler.
- I've cross-compiled libgpg-error
- I've cross-compiled libgcrypt, and managed to get libgcrypt.dll
  (untested!)
- I've cross-compiled gaim-otr with minor mingw related tweaking

My problem now is that of linking. It might not be too hard, but I ran
out of time for it two days ago, and haven't managed to pick it up. Also,
I doubt windows gaim cross compiles on Linux, so this complicates the
linking phase a bit. I fear this last step needs to happen on windows,
because otherwise I'm missing some symbols from gaim to link against.
Though I'm not a cross-compile expert, so I could be completely wrong.
If there is an interest, I can make my Windows and Linux trees available
for others to try and catch up, reproduce or finish the work.

>> but I did try establishing an OTR conversation with myself...
>> Whenever I transmit I get " ?OTR Error: You transmitted a malformed
>> data message"

Feel free to try it out against me, PaulWouters at jabber.org

Paul
--
Math is case-sensitive --- Ian Goldberg

From sn at pace.mosquito.net Thu Dec 16 16:24:40 2004
From: sn at pace.mosquito.net (Sven Neuhaus)
Date: Thu, 16 Dec 2004 22:24:40 +0100
Subject: [OTR-users] OTR for jabber
Message-ID: <41C1FD18.90708@pace.mosquito.net>

Hi,

are there any efforts underway to make OTR encryption available to
Jabber? Is there enough of a specification to make sure independent,
different implementations of OTR will be able to talk to each other?

-Sven

From ian at cypherpunks.ca Thu Dec 16 19:08:49 2004
From: ian at cypherpunks.ca (Ian Goldberg)
Date: Thu, 16 Dec 2004 19:08:49 -0500
Subject: [OTR-users] OTR for jabber
In-Reply-To: <41C1FD18.90708@pace.mosquito.net>
References: <41C1FD18.90708@pace.mosquito.net>
Message-ID: <20041217000849.GD816@smtp.paip.net>

On Thu, Dec 16, 2004 at 10:24:40PM +0100, Sven Neuhaus wrote:
> are there any efforts underway to make OTR encryption available to
> Jabber?

We use it with Jabber now; if you connect to a Jabber server with gaim,
OTR will work just fine.

> Is there enough of a specification to make sure independent,
> different implementations of OTR will be able to talk to each other?

That's the plan. If the Protocol document isn't complete enough for
that, it's broken, and needs to be fixed. If you're lazy, though, the
libotr client-independent library part of the code does a lot of the
work for you.
   - Ian

From thomas at northernsecurity.net Thu Dec 16 23:27:09 2004
From: thomas at northernsecurity.net (Thomas Sjögren)
Date: Fri, 17 Dec 2004 05:27:09 +0100
Subject: [OTR-users] Slashdot
Message-ID: <20041217042709.GB15372@northernsecurity.net>

I thought you might be interested in
http://it.slashdot.org/article.pl?sid=04/12/16/1946216&tid=93 :

"Nikita Borisov and Ian Goldberg (of many, many other projects) have
released Off the Record Messaging for Gaim. Encrypt an IM, prove (at
the time) that it came from you, and deny it later. The authentication
works only when the message is sent; anybody can forge all the messages
he wants afterwards (toolkit included). Captured or archived messages
prove nothing. And forward secrecy means Big Brother can't read your
messages even if he wiretaps you AND grabs your computer later on. All
the gooey goodness of crypto, with none of the consequences! They have
a protocol spec, source code, and Debian and Fedora binaries."

/Thomas
--
== Encrypted e-mails preferred | GPG KeyID: 114AA85C
--

From CLAY at BROKENLADDER.COM Sun Dec 26 16:44:24 2004
From: CLAY at BROKENLADDER.COM (CLAY SCHENTRUP)
Date: Sun, 26 Dec 2004 13:44:24 -0800
Subject: [OTR-users] buddies
Message-ID: <1104097464.14167.211522467@webmail.messagingengine.com>

hi all:

i've installed the otr 1.0.2 plug-in for gaim, but i can't find anyone
who has it to "test it out". if anyone wants to make a new on-line chat
buddy in san francisco, drop me a line at brokenladder at jabber.org or
br0kenladder on aim. i'd really love to see this plug-in in action.

cheers,
clay
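
The padding trade-off discussed in the "Fantastic ... and a bug?" thread above (NUL-padding the cleartext, random amounts versus a fixed size, and conditions (a) to (c)), as an added example that is not part of the archived messages and is not gaim-otr or libotr code. The function names, the 256-byte size, the 1024-byte network limit and the cut-at-first-NUL convention are assumptions of this sketch, as is the premise that an observer sees a length that tracks the padded cleartext length.

```python
import random

BUCKET = 256        # assumed fixed padded size in bytes (constructed value)
NETWORK_MAX = 1024  # assumed per-message limit of the IM network (constructed)

def pad_fixed(msg: bytes, size: int = BUCKET) -> bytes:
    """NUL-pad the cleartext to exactly `size` bytes before encryption."""
    if b"\x00" in msg:
        raise ValueError("embedded NUL would be mistaken for padding")
    if len(msg) > size:
        raise ValueError("(a) message does not fit the fixed size")
    if size > NETWORK_MAX:
        raise ValueError("(c) padded size exceeds the network limit")
    return msg + b"\x00" * (size - len(msg))

def pad_random(msg: bytes, max_pad: int, rng: random.Random) -> bytes:
    """NUL-pad by a uniformly random amount in [0, max_pad]."""
    return msg + b"\x00" * rng.randint(0, max_pad)

def unpad(padded: bytes) -> bytes:
    """Receiver side (this example's convention): cut at the first NUL."""
    return padded.split(b"\x00", 1)[0]

def observed_min_length(msg: bytes, max_pad: int, sends: int, seed: int = 1) -> int:
    """What a passive observer learns when same-length messages recur:
    the shortest padded length seen converges on the true length."""
    rng = random.Random(seed)
    return min(len(pad_random(msg, max_pad, rng)) for _ in range(sends))

def overhead(msgs, size: int = BUCKET) -> float:
    """(b) fraction of the padded bytes that carry no message content."""
    return 1 - sum(len(m) for m in msgs) / (size * len(msgs))

if __name__ == "__main__":
    # Constructed sample conversation, not taken from the list archive.
    chat = [b"ok", b"see you at 6", b"did you get the file I sent?"]
    print("fixed-size lengths:", {len(pad_fixed(m)) for m in chat})
    print("random padding, 1 send:    ", observed_min_length(b"ok", 64, 1))
    print("random padding, 2000 sends:", observed_min_length(b"ok", 64, 2000))
    print("padding overhead: %.0f%%" % (100 * overhead(chat)))
```

An empty message, such as the heartbeat described earlier in the archive, pads to the same fixed size as any other message under this scheme.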