From lx at redundancy.redundancy.org Fri Dec 2 20:17:34 2005 From: lx at redundancy.redundancy.org (David Thiel) Date: Fri, 2 Dec 2005 17:17:34 -0800 Subject: [OTR-users] sexist assumptions in README, process_receiving_im() Message-ID: <20051203011734.GD31275@redundancy.redundancy.org> When a private conversation is ended, the user is told: %s has closed his private connection to you; you should do the same. There are also multiple masculine references in the README. Obviously, females are also potential users of using the software. Thanks! David From lx at redundancy.redundancy.org Fri Dec 2 20:26:07 2005 From: lx at redundancy.redundancy.org (David Thiel) Date: Fri, 2 Dec 2005 17:26:07 -0800 Subject: [OTR-users] sexist assumptions in README, process_receiving_im() In-Reply-To: <20051203011734.GD31275@redundancy.redundancy.org> References: <20051203011734.GD31275@redundancy.redundancy.org> Message-ID: <20051203012607.GF31275@redundancy.redundancy.org> On Fri, Dec 02, 2005 at 05:17:34PM -0800, David Thiel wrote: > There are also multiple masculine references in the README. Obviously, > females are also potential users of using the software. s/using // From gmaxwell at gmail.com Fri Dec 2 21:37:46 2005 From: gmaxwell at gmail.com (Gregory Maxwell) Date: Fri, 2 Dec 2005 21:37:46 -0500 Subject: [OTR-users] sexist assumptions in README, process_receiving_im() In-Reply-To: <20051203011734.GD31275@redundancy.redundancy.org> References: <20051203011734.GD31275@redundancy.redundancy.org> Message-ID: On 12/2/05, David Thiel wrote: > When a private conversation is ended, the user is told: > > %s has closed his private connection to you; you should do the same. > > There are also multiple masculine references in the README. Obviously, > females are also potential users of using the software. I hope you are aware that in English when the gender is unknown we use the masculine. To quote the resident OTR using female on your complaint "I think it's stupid." From lx at redundancy.redundancy.org Fri Dec 2 22:01:13 2005 From: lx at redundancy.redundancy.org (David Thiel) Date: Fri, 2 Dec 2005 19:01:13 -0800 Subject: [OTR-users] sexist assumptions in README, process_receiving_im() In-Reply-To: References: <20051203011734.GD31275@redundancy.redundancy.org> Message-ID: <20051203030113.GA789@redundancy.redundancy.org> On Fri, Dec 02, 2005 at 09:37:46PM -0500, Gregory Maxwell wrote: > > There are also multiple masculine references in the README. Obviously, > > females are also potential users of using the software. > > I hope you are aware that in English when the gender is unknown we use > the masculine. According to whom? Is there some problem with "ended their session"? Even if you make that claim for the documentation, in the context of the status message, the gender of the other person *is* known to the end user, thus making the pronoun inaccurate if that person is a female. From gmaxwell at gmail.com Fri Dec 2 22:17:30 2005 From: gmaxwell at gmail.com (Gregory Maxwell) Date: Fri, 2 Dec 2005 22:17:30 -0500 Subject: [OTR-users] sexist assumptions in README, process_receiving_im() In-Reply-To: <20051203030113.GA789@redundancy.redundancy.org> References: <20051203011734.GD31275@redundancy.redundancy.org> <20051203030113.GA789@redundancy.redundancy.org> Message-ID: On 12/2/05, David Thiel wrote: > On Fri, Dec 02, 2005 at 09:37:46PM -0500, Gregory Maxwell wrote: > > > There are also multiple masculine references in the README. Obviously, > > > females are also potential users of using the software. > > I hope you are aware that in English when the gender is unknown we use > > the masculine. > > According to whom? You're kidding, right? Almost every style guide out there, including the Chicago Manual of style. Are you not a native speaker of English? (not trying to be rude, I'm just shocked you don't know this). English lacks a gender neutral singular personal pronoun. >Is there some problem with "ended their session"? 'Their' is plural and OTR doesn't yet support multi user sessions? :) I don't think it would be bad to rephrase it to avoid a pronoun alltogher, but it strikes me as an odd complaint. > Even if you make that claim for the documentation, in the context of the > status message, the gender of the other person *is* known to the end > user, thus making the pronoun inaccurate if that person is a female. It is the software speaking, and it doesn't know. And why are you so sure I know the gender of the people I talk to? :) From lx at redundancy.redundancy.org Fri Dec 2 22:45:34 2005 From: lx at redundancy.redundancy.org (David Thiel) Date: Fri, 2 Dec 2005 19:45:34 -0800 Subject: [OTR-users] sexist assumptions in README, process_receiving_im() In-Reply-To: References: <20051203011734.GD31275@redundancy.redundancy.org> <20051203030113.GA789@redundancy.redundancy.org> Message-ID: <20051203034534.GB789@redundancy.redundancy.org> On Fri, Dec 02, 2005 at 10:17:30PM -0500, Gregory Maxwell wrote: > 'Their' is plural and OTR doesn't yet support multi user sessions? "Their" is indeed traditionally plural, but is in common usage as a singular gender-neutral pronoun, and has been for some time. It's fairly well established now, though there are some pedants who still can't stand it for some reason. Some interesting reading: http://www.crossmyt.com/hc/linghebr/austheir.html > I don't think it would be bad to rephrase it to avoid a pronoun > alltogher, but it strikes me as an odd complaint. In my opinion, that's probably the best course. The complaint is mostly that it looks rather silly to see "Rebecca has ended his private communications with you". The gender in this cause is obvious to me, because I know this person and know that she is female. Thanks, David From gmaxwell at gmail.com Fri Dec 2 22:52:13 2005 From: gmaxwell at gmail.com (Gregory Maxwell) Date: Fri, 2 Dec 2005 22:52:13 -0500 Subject: [OTR-users] sexist assumptions in README, process_receiving_im() In-Reply-To: <20051203034534.GB789@redundancy.redundancy.org> References: <20051203011734.GD31275@redundancy.redundancy.org> <20051203030113.GA789@redundancy.redundancy.org> <20051203034534.GB789@redundancy.redundancy.org> Message-ID: On 12/2/05, David Thiel wrote: > > I don't think it would be bad to rephrase it to avoid a pronoun > > alltogher, but it strikes me as an odd complaint. > > In my opinion, that's probably the best course. The complaint is mostly > that it looks rather silly to see "Rebecca has ended his private > communications with you". The gender in this cause is obvious to me, > because I know this person and know that she is female. Then why didn't you just initally suggest we change it to "Rebecca has ended the private communcation with you" or "Private communcation ended by remote system" or any of the other nearly infinite permutations which involve neither gender confusion nor misuse of the personal plural? You could have just done that yet you saw fitting to claim sexism. Pardon me while I cough 'bullshit'. From lx at redundancy.redundancy.org Fri Dec 2 23:10:40 2005 From: lx at redundancy.redundancy.org (David Thiel) Date: Fri, 2 Dec 2005 20:10:40 -0800 Subject: [OTR-users] sexist assumptions in README, process_receiving_im() In-Reply-To: References: <20051203011734.GD31275@redundancy.redundancy.org> <20051203030113.GA789@redundancy.redundancy.org> <20051203034534.GB789@redundancy.redundancy.org> Message-ID: <20051203041040.GC789@redundancy.redundancy.org> On Fri, Dec 02, 2005 at 10:52:13PM -0500, Gregory Maxwell wrote: > Then why didn't you just initally suggest we change it to "Rebecca has > ended the private communcation with you" or "Private communcation > ended by remote system" or any of the other nearly infinite > permutations which involve neither gender confusion nor misuse of the > personal plural? I didn't make a suggestion at all, since the exact syntax of how it could be corrected doesn't really matter. How about "Rebecca has ended private communication with you" - or would it be "communications"? Any of those suggestions are fine. > You could have just done that yet you saw fitting to claim sexism. I should clarify then - I didn't know that such offense would be taken on a function being "sexist", and I meant it rather tongue in cheek. My actual complaint is that the message is awkward when the person it applies to is not male. It's not meant to be an affront to your grammatical prowess or the code as a whole. My apologies if I offended. -David From jcohen07 at brandeis.edu Sat Dec 3 13:28:51 2005 From: jcohen07 at brandeis.edu (Jason Cohen) Date: Sat, 03 Dec 2005 13:28:51 -0500 Subject: [OTR-users] sexist assumptions in README, process_receiving_im() In-Reply-To: <20051203041040.GC789@redundancy.redundancy.org> References: <20051203011734.GD31275@redundancy.redundancy.org> <20051203030113.GA789@redundancy.redundancy.org> <20051203034534.GB789@redundancy.redundancy.org> <20051203041040.GC789@redundancy.redundancy.org> Message-ID: <4391E3E3.80806@brandeis.edu> I'm surprised David's remarks were immediately attacked as "stupid" and "bullshit" without even a consideration of their validity. Some have said that he must be a non-English speaker to have made such a ridiculous request. Perhaps as a non-English speaker he noticed something strange that you all have become accustomed to. The fact that "his" is /still /used as a gender-neutral pronoun doesn't prove that the statement is not sexist. It only proves that our language itself is sexist. If you're trying to refer to an individual with an unknown gender you have three options: 1) use "him" (the common solution), 2) use "their" even though it is a plural pronoun,or 3) use his/her, which I would imagine some of you may find awkward English. The fact that so many people use "their" incorrectly as a singular pronoun shows that at least some people have a desire for a gender-neutral pronoun and are forced to resort to incorrect grammar so that their writing isn't perceived as awkward. Why can't we just change the sexist and illogical convention and begin using "his/her"? This sounds awkward to most English speakers only because they're not accustomed to hearing or seeing it. Yet, that strikes me as a pretty poor argument for continuing to use "his" when referring to an individual of unknown gender that not only sounds awkward to non-English speakers but is in addition conceptually flawed and a vestige of a patriarchal society that did consider women second-class citizens. It's also not just "his" that poses this problem. People still refer to mankind, businessmen, firemen, fisherman, man-made, mailman, policemen, congressman etc. There's nothing exclusively male about any of the mentioned professions, yet they are commonly or exclusively referred to with a non gender-neutral term. Likewise, man-made and mankind are referring to humanity and not just men so it would be far more appropriate to refer to humankind and human-made. However, society has successfully shifted away from some gendered terms such as stewardess which is now commonly referred to as a flight attendant without any awkwardness in its usage. I think it is important to note that such a large number of native English speakers use "their" as a singular pronoun that its usage has now become standard for non-formal writing. Many English speakers don't even realize that their usage of "their" is grammatically incorrect as its usage has become so common. I therefore see no difficulty in replacing his/her with his. It may be awkward for a short period time, but it will become normal over time, just as other changes in our language have come to be accepted. Jason Cohen David Thiel wrote: > On Fri, Dec 02, 2005 at 10:52:13PM -0500, Gregory Maxwell wrote: > >> Then why didn't you just initally suggest we change it to "Rebecca has >> ended the private communcation with you" or "Private communcation >> ended by remote system" or any of the other nearly infinite >> permutations which involve neither gender confusion nor misuse of the >> personal plural? >> > > I didn't make a suggestion at all, since the exact syntax of how it > could be corrected doesn't really matter. How about "Rebecca has ended > private communication with you" - or would it be "communications"? > Any of those suggestions are fine. > > >> You could have just done that yet you saw fitting to claim sexism. >> > > I should clarify then - I didn't know that such offense would be taken > on a function being "sexist", and I meant it rather tongue in cheek. > My actual complaint is that the message is awkward when the person > it applies to is not male. It's not meant to be an affront to your > grammatical prowess or the code as a whole. My apologies if I offended. > > -David > _______________________________________________ > OTR-users mailing list > OTR-users at lists.cypherpunks.ca > http://lists.cypherpunks.ca/mailman/listinfo/otr-users > -------------- next part -------------- An HTML attachment was scrubbed... URL: From gmaxwell at gmail.com Sat Dec 3 14:36:47 2005 From: gmaxwell at gmail.com (Gregory Maxwell) Date: Sat, 3 Dec 2005 14:36:47 -0500 Subject: [OTR-users] sexist assumptions in README, process_receiving_im() In-Reply-To: <4391E3E3.80806@brandeis.edu> References: <20051203011734.GD31275@redundancy.redundancy.org> <20051203030113.GA789@redundancy.redundancy.org> <20051203034534.GB789@redundancy.redundancy.org> <20051203041040.GC789@redundancy.redundancy.org> <4391E3E3.80806@brandeis.edu> Message-ID: On 12/3/05, Jason Cohen wrote: > I'm surprised David's remarks were immediately attacked as "stupid" and > "bullshit" without even a consideration of their validity. Some have said > that he must be a non-English speaker to have made such a ridiculous > request. [snip] It's an artifact of the language, yes, to accuse the author of the readme (or the readme itself) of sexist assumptions as David did is both stupid and bullshit. > If you're trying to refer to an individual with an unknown gender you have > three options: 1) use "him" (the common solution), 2) use "their" even > though it is a plural pronoun,or 3) use his/her, which I would imagine some > of you may find awkward English. Or just use a sentence structure that doesn't require a pronoun, as is most natural here. > Why can't we just change the sexist and illogical convention and begin > using "his/her"? We're talking about a readme for a somewhat obsecure piece of software here, not the chicago manual of style. People in writing and academic circles have not solved this in a way which makes everyone happy, so it would be foolish to assume we could. >This sounds awkward to most English speakers only because > they're not accustomed to hearing or seeing it. Yet, that strikes me as a > pretty poor argument for continuing to use "his" when referring to an > individual of unknown gender that not only sounds awkward to non-English > speakers but is in addition conceptually flawed and a vestige of a > patriarchal society that did consider women second-class citizens. The claim that the mere use of the male word is an example of sexism has not been substantiated. If it sounds odd to a non-native speaker it is because they do not realize that we use the male word to refer to gendern unknow as well. > It's also not just "his" that poses this problem. People still refer to > mankind, businessmen, firemen, fisherman, man-made, mailman, policemen, > congressman etc. There's nothing exclusively male about any of the mentioned > professions, yet they are commonly or exclusively referred to with a non > gender-neutral term. Here your own sexism shows: We are all man, including women. Here you attempt to say that men and women are not the same thing. From jcohen07 at brandeis.edu Sat Dec 3 17:11:44 2005 From: jcohen07 at brandeis.edu (Jason Cohen) Date: Sat, 03 Dec 2005 17:11:44 -0500 Subject: [OTR-users] Discussion of the use of "his" as a gender-neutral pronoun in an unlikely place Message-ID: <43921820.8000906@brandeis.edu> Gregory Maxwell wrote: > On 12/3/05, Jason Cohen wrote: > >> I'm surprised David's remarks were immediately attacked as "stupid" and >> "bullshit" without even a consideration of their validity. Some have said >> that he must be a non-English speaker to have made such a ridiculous >> request. >> > [snip] > > It's an artifact of the language, yes, to accuse the author of the > readme (or the readme itself) of sexist assumptions as David did is > both stupid and bullshit. > > Neither David nor I accused the author of being sexist. Rather, we accused the author of using an archaic language convention that we believe is illogical and sexist. We didn't mount personal attacks on the author. In fact, my entire email was directed at changing our language, not at attacking the author or the README. >> If you're trying to refer to an individual with an unknown gender you have >> three options: 1) use "him" (the common solution), 2) use "their" even >> though it is a plural pronoun,or 3) use his/her, which I would imagine some >> of you may find awkward English. >> > > Or just use a sentence structure that doesn't require a pronoun, as is > most natural here. > > That is a fine solution for this particular case. My response was more general. There are certainly going to be times where it's most appropriate to use a singular pronoun when the sex of the individual referred to is unknown. I am merely arguing that when that case occurs "his/her" or "his or her" should be used as an alternative to the common "his". >> Why can't we just change the sexist and illogical convention and begin >> using "his/her"? >> > > We're talking about a readme for a somewhat obsecure piece of software > here, not the chicago manual of style. > > People in writing and academic circles have not solved this in a way > which makes everyone happy, so it would be foolish to assume we could. > > I understand your willingness to stay out of the fray for a still contested issue. However, unless you decide to refrain from using "his" when referring to an unknown individual throughout all OTR's documentation, you are making a choice to continue the status quo. By continuing to use "his" in this situation, you are stating that you accept its usage and find it appropriate. If you're going to use singular pronouns, abstaining from the debate is simply not an option. >> This sounds awkward to most English speakers only because >> they're not accustomed to hearing or seeing it. Yet, that strikes me as a >> pretty poor argument for continuing to use "his" when referring to an >> individual of unknown gender that not only sounds awkward to non-English >> speakers but is in addition conceptually flawed and a vestige of a >> patriarchal society that did consider women second-class citizens. >> > > The claim that the mere use of the male word is an example of sexism > has not been substantiated. If it sounds odd to a non-native speaker > it is because they do not realize that we use the male word to refer > to gendern unknow as well. > > It sounds odd to a non-native speaker because it doesn't appear logical to use a male pronoun when referring to an individual of an unknown gender. You continue to support the practice because it's a convention of the English language. I tried to stress in my last email that this fact is not conclusive. Simply because our language has a particular convention which has been used for hundreds of years does not mean that the convention is appropriate. Some gendered terms have already been replaced by gender-neutral terms such as flight attendant as a replacement for stewardess. There is an academic debate occurring at the moment as to whether we should change the language to reflect a commitment to gender equality. You can't abstain from that debate by saying that this is how the way things have been done in the past and therefore are appropriate for the present. >> It's also not just "his" that poses this problem. People still refer to >> mankind, businessmen, firemen, fisherman, man-made, mailman, policemen, >> congressman etc. There's nothing exclusively male about any of the mentioned >> professions, yet they are commonly or exclusively referred to with a non >> gender-neutral term. >> > > Here your own sexism shows: We are all man, including women. Here you > attempt to say that men and women are not the same thing. > > I believe the word man does and should refer to a male member of the human race. I am not contesting that "Man" has in the past and continues to be used to refer to all humans. My assertion is that it is inappropriate to refer to humanity as Man. The use of Man to refer to all humans suggests that men are the preferred or more important sex and the only sex worth mentioning. I don't suggest that an individual who uses the word "Man" in this way is sexist- only that the word does have a sexist connotation. One need only look to our history to see this. The marriage ceremony declares that the two individuals have become "Man and Wife". The man retains his identity while the woman becomes a wife with all the duties that attach to that title. Under English common law and under American law until well into the 19th century when a woman and man married the woman lost her civil existence. The system called "coverture" denied a woman the right to hold property, sue in a court of law, become a juror, or contract. Blackstone states that when a woman married she and her husband become one- the husband. Freedom was defined as the ability to contract and the only groups that were denied this right were slaves, women, and children. She completely lost her existence as recognized by the law. Despite societal change, this fact is still a part of our language. Simone de Beauvior argued in /The Second Sex (1949/) that the two sexes are Men and the Other sex. Women weren't considered to have a distinct identity but rather were referred to as a contrast to men. All of these sexist traditions and legal practices explain why Man is used to refer to all of humanity rather than just the male sex. If we continue to use these sexist laden conventions we are unwittingly enforcing sexism. Jason Cohen > _______________________________________________ > OTR-users mailing list > OTR-users at lists.cypherpunks.ca > http://lists.cypherpunks.ca/mailman/listinfo/otr-users > -------------- next part -------------- An HTML attachment was scrubbed... URL: From kat at paip.net Sun Dec 4 20:18:50 2005 From: kat at paip.net (Kat Hanna) Date: Sun, 4 Dec 2005 20:18:50 -0500 (EST) Subject: [OTR-users] Discussion of the use of "his" as a gender-neutral pronoun in an unlikely place In-Reply-To: <43921820.8000906@brandeis.edu> References: <43921820.8000906@brandeis.edu> Message-ID: Okay, I'll jump in. I think language is important. Important to how we see the world around us and to how we see ourselves in the world. The fact that my first programming textbook sometimes used feminine pronouns made me feel engaged and included in a way that most science and technology textbooks had never done. That made a difference in my ability to see myself as potentially successful in the field. I favor changing constructions into gender-neutral forms when possible, alternating the use of "she" and "he" when it isn't confusing to the reader, and using "she or he" or "he/she" where appropriate. (In fact, in cryptography this problem is often solved by the fact that our cast of characters is of mixed sex.) I am also one of those pedants about subject-verb agreement that will not accept the so-called "singular their". Security software documentation often has a higher precision requirement than that of other software. And while I'm not willing to put words into Ian's mouth, I think he considered this particular example carefully. It's not okay, as pretty much everyone has suggested, to substitute a passive construction: the very point of the alert is that your buddy has closed her/his end of the connection, *but yours is still open*. I think that these sorts of alerts should use some form of the she/he variety. I think other general uses of "he" in the README should be examined to determine some reasonable alternative. And I volunteer to do this editing after my semester ends. [For the record, up until this point no member of the OTR dev team had been involved in this discussion.] Cheers. -Kat From paul at cypherpunks.ca Mon Dec 5 13:30:28 2005 From: paul at cypherpunks.ca (Paul Wouters) Date: Mon, 5 Dec 2005 19:30:28 +0100 (CET) Subject: [OTR-users] Discussion of the use of "his" as a gender-neutral pronoun in an unlikely place In-Reply-To: References: <43921820.8000906@brandeis.edu> Message-ID: On Sun, 4 Dec 2005, Kat Hanna wrote: > It's not okay, as pretty much everyone has suggested, to substitute a > passive construction: the very point of the alert is that your buddy has > closed her/his end of the connection, *but yours is still open*. semi-off topic. If it is that important that we close our end as well, since our remote buddy closed his/her end, why don't we just close it instead of asking the (local) user to close it? Then we could just write: OTR session with $buddy closed. Paul From ian at cypherpunks.ca Mon Dec 5 13:55:44 2005 From: ian at cypherpunks.ca (Ian Goldberg) Date: Mon, 5 Dec 2005 13:55:44 -0500 Subject: [OTR-users] Discussion of the use of "his" as a gender-neutral pronoun in an unlikely place In-Reply-To: References: <43921820.8000906@brandeis.edu> Message-ID: <20051205185544.GH4463@smtp.paip.net> On Mon, Dec 05, 2005 at 07:30:28PM +0100, Paul Wouters wrote: > On Sun, 4 Dec 2005, Kat Hanna wrote: > > > It's not okay, as pretty much everyone has suggested, to substitute a > > passive construction: the very point of the alert is that your buddy has > > closed her/his end of the connection, *but yours is still open*. > > semi-off topic. > If it is that important that we close our end as well, since our remote > buddy closed his/her end, why don't we just close it instead of asking > the (local) user to close it? > > Then we could just write: OTR session with $buddy closed. That's a security problem. Suppose you were typing a long (private) message to your buddy, and she closes her end of the private connection just before you hit "Enter". You absolutely do *not* want your message to go out in the clear. So what we do instead is this: when your buddy closes her end of the connection, all outgoing messages to her are *blocked* until you select whether to restart the private conversation, or end it. - Ian From lx at redundancy.redundancy.org Mon Dec 5 14:41:33 2005 From: lx at redundancy.redundancy.org (David Thiel) Date: Mon, 5 Dec 2005 11:41:33 -0800 Subject: [OTR-users] Discussion of the use of "his" as a gender-neutral pronoun in an unlikely place In-Reply-To: References: <43921820.8000906@brandeis.edu> Message-ID: <20051205194133.GA90907@redundancy.redundancy.org> On Sun, Dec 04, 2005 at 08:18:50PM -0500, Kat Hanna wrote: > It's not okay, as pretty much everyone has suggested, to substitute a > passive construction: the very point of the alert is that your buddy has > closed her/his end of the connection, *but yours is still open*. Actually, it seems that in OTR 3, if the remote party terminates the OTR session, it automatically ends the session for the local user. This being the case, I think a passive construction will do just fine. There's no reason to instruct the user to terminate the conversation, since it's already been done for them. > [For the record, up until this point no member of the OTR dev team > had been involved in this discussion.] Thanks, that's good to know. Cheers, David From lx at redundancy.redundancy.org Mon Dec 5 14:47:35 2005 From: lx at redundancy.redundancy.org (David Thiel) Date: Mon, 5 Dec 2005 11:47:35 -0800 Subject: [OTR-users] Discussion of the use of "his" as a gender-neutral pronoun in an unlikely place In-Reply-To: <20051205185544.GH4463@smtp.paip.net> References: <43921820.8000906@brandeis.edu> <20051205185544.GH4463@smtp.paip.net> Message-ID: <20051205194735.GB90907@redundancy.redundancy.org> On Mon, Dec 05, 2005 at 01:55:44PM -0500, Ian Goldberg wrote: > That's a security problem. Suppose you were typing a long (private) > message to your buddy, and she closes her end of the private connection > just before you hit "Enter". You absolutely do *not* want your message > to go out in the clear. So what we do instead is this: when your buddy > closes her end of the connection, all outgoing messages to her are > *blocked* until you select whether to restart the private conversation, > or end it. You're right, and this is indeed what happens - ignore my explanation in the previous post, I was misled by the OTR icon displaying "Finished". Here's how the logs go if you send a message after a session is terminated by the remote user: (11:43:16) somegirl has ended his private conversation with you; you should do the same. (send a message) (11:43:17) Your message was not sent. Either end your private conversation, or restart it. (oops, refresh) (11:43:30) Attempting to refresh the private conversation with somegirl... (11:43:31) Private conversation with somegirl started. From CLAY at BROKENLADDER.COM Mon Dec 5 17:33:01 2005 From: CLAY at BROKENLADDER.COM (CLAY SHENTRUP) Date: Mon, 5 Dec 2005 14:33:01 -0800 Subject: [OTR-users] Discussion of the use of "his" as a gender-neutral pronoun in an unlikely place In-Reply-To: <20051205185544.GH4463@smtp.paip.net> References: <43921820.8000906@brandeis.edu> <20051205185544.GH4463@smtp.paip.net> Message-ID: <9129d8bb0512051433g3fac2daxc3f33f94f9a8b613@mail.gmail.com> > > So what we do instead is this: when your buddy > closes her end of the connection, all outgoing messages to her are > *blocked* until you select whether to restart the private conversation, > or end it. by "end" it, you just mean "go back to allowing plain text", right? -- THE LAST PERSON TO DIE BY FIRING SQUAD IN THE US WAS JOHN ALBERT TAYLOR, IN UTAH IN 1996. -------------- next part -------------- An HTML attachment was scrubbed... URL: From ian at cypherpunks.ca Mon Dec 5 18:50:03 2005 From: ian at cypherpunks.ca (Ian Goldberg) Date: Mon, 5 Dec 2005 18:50:03 -0500 Subject: [OTR-users] Discussion of the use of "his" as a gender-neutral pronoun in an unlikely place In-Reply-To: <9129d8bb0512051433g3fac2daxc3f33f94f9a8b613@mail.gmail.com> References: <43921820.8000906@brandeis.edu> <20051205185544.GH4463@smtp.paip.net> <9129d8bb0512051433g3fac2daxc3f33f94f9a8b613@mail.gmail.com> Message-ID: <20051205235003.GI4463@smtp.paip.net> On Mon, Dec 05, 2005 at 02:33:01PM -0800, CLAY SHENTRUP wrote: > > So what we do instead is this: when your buddy closes her end of the > > connection, all outgoing messages to her are *blocked* until you > > select whether to restart the private conversation, or end it. > > by "end" it, you just mean "go back to allowing plain text", right? "go back to sending plaintext", but yes. - Ian From erecio at polywog.org Mon Dec 5 19:40:47 2005 From: erecio at polywog.org (Emilio M. Recio) Date: Mon, 05 Dec 2005 19:40:47 -0500 Subject: [OTR-users] mailing list search? Message-ID: <4394DE0F.8090101@polywog.org> is there a way I can do a search the mailing list archives? I compiled otr from scratch, both the library, and the gaim-plugin. I am also using a compiled version of gaim (1.5). However, even after restarting, the plugin doesn't show up on the list of available plugins. I checked and otr was installed correctly (in the Plugins directory). -Elmo From kat at paip.net Mon Dec 5 19:51:53 2005 From: kat at paip.net (Kat Hanna) Date: Mon, 5 Dec 2005 19:51:53 -0500 (EST) Subject: [OTR-users] mailing list search? In-Reply-To: <4394DE0F.8090101@polywog.org> References: <4394DE0F.8090101@polywog.org> Message-ID: The easiest way by far is to use google with your search terms plus "site:lists.cypherpunks.ca". As for your problem, try starting gaim with "gaim -d"; it should see the plugin and tell you why it doesn't load. -Kat On Mon, 5 Dec 2005, Emilio M. Recio wrote: > is there a way I can do a search the mailing list archives? I compiled > otr from scratch, both the library, and the gaim-plugin. I am also using > a compiled version of gaim (1.5). However, even after restarting, the > plugin doesn't show up on the list of available plugins. I checked and > otr was installed correctly (in the Plugins directory). > > -Elmo > _______________________________________________ > OTR-users mailing list > OTR-users at lists.cypherpunks.ca > http://lists.cypherpunks.ca/mailman/listinfo/otr-users > From CLAY at BROKENLADDER.COM Mon Dec 5 22:51:07 2005 From: CLAY at BROKENLADDER.COM (CLAY SHENTRUP) Date: Mon, 5 Dec 2005 19:51:07 -0800 Subject: [OTR-users] Discussion of the use of "his" as a gender-neutral pronoun in an unlikely place In-Reply-To: <20051205235003.GI4463@smtp.paip.net> References: <43921820.8000906@brandeis.edu> <20051205185544.GH4463@smtp.paip.net> <9129d8bb0512051433g3fac2daxc3f33f94f9a8b613@mail.gmail.com> <20051205235003.GI4463@smtp.paip.net> Message-ID: <9129d8bb0512051951i4d8e67edn1199721d5472200@mail.gmail.com> > > by "end" it, you just mean "go back to allowing plain text", right? > > "go back to sending plaintext", but yes. my experience is that it won't even allow plain text until after i submit to that. -------------- next part -------------- An HTML attachment was scrubbed... URL: From erecio at polywog.org Tue Dec 6 08:09:26 2005 From: erecio at polywog.org (Emilio Recio) Date: Tue, 06 Dec 2005 08:09:26 -0500 Subject: [OTR-users] gaim not loading static plugin, etc. In-Reply-To: References: <4394DE0F.8090101@polywog.org> Message-ID: <43958D86.3070803@polywog.org> Since i didn't find anything of interest on the mailing lists. I ran "gaim -d" and it didn't find the gaim-otr plugin at all. The odd part is that when I did a "make uninstall" to recompile the plugin, there was only one file. It seems like the static library (gaim-otr.la), but not the shared library. So... I recompiled the plugin with (enable-shared): ./configure --disable-nls --prefix=/usr/local/ --enable-shared So... I got this: plugins: /usr/local/lib/gaim/gaim-otr.so is unloadable: libotr.so.2: cannot open shared object file: No such file or directory So... I did a search (libotr.so.2): $ locate libotr.so.2 /usr/local/src/libotr-3.0.0/src/.libs/libotr.so.2.0.0 /usr/local/src/libotr-3.0.0/src/.libs/libotr.so.2 /usr/local/lib/libotr.so.2.0.0 /usr/local/lib/libotr.so.2 So... I ldd'd it: $ ldd /usr/local/lib/gaim/gaim-otr.so linux-gate.so.1 => (0x00de6000) libgcrypt.so.11 => /usr/lib/libgcrypt.so.11 (0x00c8e000) libgpg-error.so.0 => /usr/lib/libgpg-error.so.0 (0x00f0c000) libotr.so.2 => not found libc.so.6 => /lib/tls/libc.so.6 (0x00541000) libnsl.so.1 => /lib/libnsl.so.1 (0x006a2000) /lib/ld-linux.so.2 (0x003b3000) So... I added it (/usr/local/lib) to /etc/ld.so.conf, reran ldconfig. Thanks for the "gaim -d" tip... but... why is --enable-shared required? Shouldn't gaim automagically load the statically linked gaim-otr.la? Kat Hanna wrote: > The easiest way by far is to use google with your search terms plus > "site:lists.cypherpunks.ca". > > As for your problem, try starting gaim with "gaim -d"; it should see the > plugin and tell you why it doesn't load. From ian at cypherpunks.ca Tue Dec 6 08:53:34 2005 From: ian at cypherpunks.ca (Ian Goldberg) Date: Tue, 6 Dec 2005 08:53:34 -0500 Subject: [OTR-users] Discussion of the use of "his" as a gender-neutral pronoun in an unlikely place In-Reply-To: <9129d8bb0512051951i4d8e67edn1199721d5472200@mail.gmail.com> References: <43921820.8000906@brandeis.edu> <20051205185544.GH4463@smtp.paip.net> <9129d8bb0512051433g3fac2daxc3f33f94f9a8b613@mail.gmail.com> <20051205235003.GI4463@smtp.paip.net> <9129d8bb0512051951i4d8e67edn1199721d5472200@mail.gmail.com> Message-ID: <20051206135334.GL4463@smtp.paip.net> On Mon, Dec 05, 2005 at 07:51:07PM -0800, CLAY SHENTRUP wrote: > > > by "end" it, you just mean "go back to allowing plain text", right? > > > > "go back to sending plaintext", but yes. > > > my experience is that it won't even allow plain text until after i submit to > that. What do you mean? If Alice and Bob are in a private conversation, and Bob ends his side of it, and then sends a plaintext message to Alice, Alice will see it, along with a warning telling her that it was received unprotected. - Ian From ian at cypherpunks.ca Tue Dec 6 08:59:11 2005 From: ian at cypherpunks.ca (Ian Goldberg) Date: Tue, 6 Dec 2005 08:59:11 -0500 Subject: [OTR-users] gaim not loading static plugin, etc. In-Reply-To: <43958D86.3070803@polywog.org> References: <4394DE0F.8090101@polywog.org> <43958D86.3070803@polywog.org> Message-ID: <20051206135911.GM4463@smtp.paip.net> On Tue, Dec 06, 2005 at 08:09:26AM -0500, Emilio Recio wrote: > Since i didn't find anything of interest on the mailing lists. I ran > "gaim -d" and it didn't find the gaim-otr plugin at all. The odd part is > that when I did a "make uninstall" to recompile the plugin, there was > only one file. It seems like the static library (gaim-otr.la), but not > the shared library. > > So... I recompiled the plugin with (enable-shared): > ./configure --disable-nls --prefix=/usr/local/ --enable-shared > > So... I got this: > plugins: /usr/local/lib/gaim/gaim-otr.so is unloadable: libotr.so.2: > cannot open shared object file: No such file or directory > > So... I did a search (libotr.so.2): > $ locate libotr.so.2 > /usr/local/src/libotr-3.0.0/src/.libs/libotr.so.2.0.0 > /usr/local/src/libotr-3.0.0/src/.libs/libotr.so.2 > /usr/local/lib/libotr.so.2.0.0 > /usr/local/lib/libotr.so.2 > > So... I ldd'd it: > $ ldd /usr/local/lib/gaim/gaim-otr.so > linux-gate.so.1 => (0x00de6000) > libgcrypt.so.11 => /usr/lib/libgcrypt.so.11 (0x00c8e000) > libgpg-error.so.0 => /usr/lib/libgpg-error.so.0 (0x00f0c000) > libotr.so.2 => not found > libc.so.6 => /lib/tls/libc.so.6 (0x00541000) > libnsl.so.1 => /lib/libnsl.so.1 (0x006a2000) > /lib/ld-linux.so.2 (0x003b3000) > > So... I added it (/usr/local/lib) to /etc/ld.so.conf, reran ldconfig. > > Thanks for the "gaim -d" tip... but... why is --enable-shared required? > Shouldn't gaim automagically load the statically linked gaim-otr.la? The .la *isn't* the static library. Static libs end in ".a". A ".la" file is just information *about* a shared library (it's a text file; look at it and see). I think now that you have /usr/local/lib in your /etc/ld.so.conf, compiling without an explicit --enable-shared should probably work fine. - Ian From erecio at polywog.org Tue Dec 6 09:11:44 2005 From: erecio at polywog.org (Emilio Recio) Date: Tue, 06 Dec 2005 09:11:44 -0500 Subject: [OTR-users] gaim not loading static plugin, etc. In-Reply-To: <20051206135911.GM4463@smtp.paip.net> References: <4394DE0F.8090101@polywog.org> <43958D86.3070803@polywog.org> <20051206135911.GM4463@smtp.paip.net> Message-ID: <43959C20.1070604@polywog.org> Thanks for the information. It's been years since I worked on libraries on linux, I assumed it was a new gcc/glibc thing. Ian Goldberg wrote: > The .la *isn't* the static library. Static libs end in ".a". A ".la" > file is just information *about* a shared library (it's a text file; > look at it and see). > > I think now that you have /usr/local/lib in your /etc/ld.so.conf, > compiling without an explicit --enable-shared should probably work fine. From CLAY at BROKENLADDER.COM Tue Dec 6 13:53:36 2005 From: CLAY at BROKENLADDER.COM (CLAY SHENTRUP) Date: Tue, 6 Dec 2005 10:53:36 -0800 Subject: [OTR-users] Discussion of the use of "his" as a gender-neutral pronoun in an unlikely place In-Reply-To: <20051206135334.GL4463@smtp.paip.net> References: <43921820.8000906@brandeis.edu> <20051205185544.GH4463@smtp.paip.net> <9129d8bb0512051433g3fac2daxc3f33f94f9a8b613@mail.gmail.com> <20051205235003.GI4463@smtp.paip.net> <9129d8bb0512051951i4d8e67edn1199721d5472200@mail.gmail.com> <20051206135334.GL4463@smtp.paip.net> Message-ID: <9129d8bb0512061053n33daf03hdfbd2a0e4b30b16e@mail.gmail.com> but if alice hasn't ended her session yet, and tries to send something to bob, it will refuse to send it until she's ended her side as well. did i get some abberant version of otr? clay On 12/6/05, Ian Goldberg wrote: > > On Mon, Dec 05, 2005 at 07:51:07PM -0800, CLAY SHENTRUP wrote: > > > > by "end" it, you just mean "go back to allowing plain text", right? > > > > > > "go back to sending plaintext", but yes. > > > > > > my experience is that it won't even allow plain text until after i > submit to > > that. > > What do you mean? If Alice and Bob are in a private conversation, and > Bob ends his side of it, and then sends a plaintext message to Alice, > Alice will see it, along with a warning telling her that it was received > unprotected. > > - Ian > _______________________________________________ > OTR-users mailing list > OTR-users at lists.cypherpunks.ca > http://lists.cypherpunks.ca/mailman/listinfo/otr-users > -- THE LAST PERSON TO DIE BY FIRING SQUAD IN THE US WAS JOHN ALBERT TAYLOR, IN UTAH IN 1996. -------------- next part -------------- An HTML attachment was scrubbed... URL: From ian at cypherpunks.ca Tue Dec 6 16:55:18 2005 From: ian at cypherpunks.ca (Ian Goldberg) Date: Tue, 6 Dec 2005 16:55:18 -0500 Subject: [OTR-users] Discussion of the use of "his" as a gender-neutral pronoun in an unlikely place In-Reply-To: <9129d8bb0512061053n33daf03hdfbd2a0e4b30b16e@mail.gmail.com> References: <43921820.8000906@brandeis.edu> <20051205185544.GH4463@smtp.paip.net> <9129d8bb0512051433g3fac2daxc3f33f94f9a8b613@mail.gmail.com> <20051205235003.GI4463@smtp.paip.net> <9129d8bb0512051951i4d8e67edn1199721d5472200@mail.gmail.com> <20051206135334.GL4463@smtp.paip.net> <9129d8bb0512061053n33daf03hdfbd2a0e4b30b16e@mail.gmail.com> Message-ID: <20051206215518.GO4463@smtp.paip.net> On Tue, Dec 06, 2005 at 10:53:36AM -0800, CLAY SHENTRUP wrote: > but if alice hasn't ended her session yet, and tries to send something to > bob, it will refuse to send it until she's ended her side as well. did i > get some abberant version of otr? No, that's right; that's what I said. Once Bob ends his side of the session, Alice can receive plaintext from him, but not send it, until she ends her side as well. - Ian From douglas.c.robinson at gmail.com Wed Dec 7 12:55:59 2005 From: douglas.c.robinson at gmail.com (Douglas C. Robinson) Date: Wed, 7 Dec 2005 12:55:59 -0500 Subject: [OTR-users] Knoppix with GAIM-OTR Message-ID: <8de316b10512070955p367a59ddk3255710f7b64275e@mail.gmail.com> I've Googled this already with no success, but is anyone aware of a Knoppix-like distro that has the full GAIM with GAIM-OTR plugin? This seems to me to be a wonderful combination for cyber-cafe use.... Thanks, Robi From jonkress at gmail.com Fri Dec 9 13:38:57 2005 From: jonkress at gmail.com (Jon Kress) Date: Fri, 09 Dec 2005 13:38:57 -0500 Subject: [OTR-users] remove In-Reply-To: <20051209153846.GS4463@smtp.paip.net> References: <20051209153846.GS4463@smtp.paip.net> Message-ID: <4399CF41.6020007@gmail.com> Ian Goldberg wrote: >The updated version of otrproxy for OSX, including support for the v2 >protocol, and a fix to support non-ASCII charsets, is now available. > >http://www.cypherpunks.ca/otr/binaries/osx/otrproxy-0.3.1.dmg > > - Ian >_______________________________________________ >OTR-announce mailing list >OTR-announce at lists.cypherpunks.ca >http://lists.cypherpunks.ca/mailman/listinfo/otr-announce > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 2781 bytes Desc: S/MIME Cryptographic Signature URL: From secanon at m-net.arbornet.org Wed Dec 7 19:22:50 2005 From: secanon at m-net.arbornet.org (Anonymous) Date: Wed, 7 Dec 2005 19:22:50 -0500 (EST) Subject: [OTR-users] OTR Weakness Message-ID: <200512080022.jB80Mofx090779@m-net.arbornet.org> Correct me if I'm wrong, and it is very possible that I am, but isn't D-H vulnerable to brute-force attacks in the same manner as RSA attacks? If indeed that is true, perhaps it would be wise to increase the bitlength of the keys that otr uses, as currently, it is very-nearly in reach of easily-crackable by people with super-computers. On a seperate note, DSA has been compromised in the current way that it is created: that is, using SHA1-160 on both ends. I recommend an immediate upgrade to either TIGER (recommended) or SHA2-512. Sincerely, Anonymous From ian at cypherpunks.ca Sat Dec 10 18:42:36 2005 From: ian at cypherpunks.ca (Ian Goldberg) Date: Sat, 10 Dec 2005 18:42:36 -0500 Subject: [OTR-users] OTR Weakness In-Reply-To: <200512080022.jB80Mofx090779@m-net.arbornet.org> References: <200512080022.jB80Mofx090779@m-net.arbornet.org> Message-ID: <20051210234236.GG4463@smtp.paip.net> On Wed, Dec 07, 2005 at 07:22:50PM -0500, Anonymous wrote: > Correct me if I'm wrong, and it is very possible that I am, but isn't > D-H vulnerable to brute-force attacks in the same manner as RSA > attacks? If indeed that is true, perhaps it would be wise to increase > the bitlength of the keys that otr uses, as currently, it is > very-nearly in reach of easily-crackable by people with > super-computers. I disagree that 1536-bit DH is "very nealy in reach of easily crackable". Do you have data to back this up? [The attacks to be concerned about aren't brute-force attacks; those clearly are out of reach.] > On a seperate note, DSA has been compromised in the current way that > it is created: that is, using SHA1-160 on both ends. I recommend an > immediate upgrade to either TIGER (recommended) or SHA2-512. Do you have a pointer to this? Collisions in SHA1 shouldn't affect DSA. We have in fact started migrating over to SHA-256, but some things (like fingerprints) can't change without losing compatibility. - Ian From mhkhung at gmail.com Sat Dec 10 19:31:24 2005 From: mhkhung at gmail.com (Michael Hung) Date: Sun, 11 Dec 2005 00:31:24 +0000 GMT Subject: [OTR-users] OTR Weakness Message-ID: <1925219337-1134261080-cardhu_blackberry.rim.net-13413-@engine07> I might be wrong but I don't think the standard dsa supports sha256. Rsa works fine of course.. Michael -----Original Message----- From: Ian Goldberg Date: Sat, 10 Dec 2005 18:42:36 To:otr-users at lists.cypherpunks.ca Subject: Re: [OTR-users] OTR Weakness On Wed, Dec 07, 2005 at 07:22:50PM -0500, Anonymous wrote: > Correct me if I'm wrong, and it is very possible that I am, but isn't > D-H vulnerable to brute-force attacks in the same manner as RSA > attacks? If indeed that is true, perhaps it would be wise to increase > the bitlength of the keys that otr uses, as currently, it is > very-nearly in reach of easily-crackable by people with > super-computers. I disagree that 1536-bit DH is "very nealy in reach of easily crackable". Do you have data to back this up? [The attacks to be concerned about aren't brute-force attacks; those clearly are out of reach.] > On a seperate note, DSA has been compromised in the current way that > it is created: that is, using SHA1-160 on both ends. I recommend an > immediate upgrade to either TIGER (recommended) or SHA2-512. Do you have a pointer to this? Collisions in SHA1 shouldn't affect DSA. We have in fact started migrating over to SHA-256, but some things (like fingerprints) can't change without losing compatibility. - Ian _______________________________________________ OTR-users mailing list OTR-users at lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-users From tirali at dmreklam.com Sat Dec 10 21:10:47 2005 From: tirali at dmreklam.com (tirali at dmreklam.com) Date: Sun, 11 Dec 2005 04:10:47 +0200 Subject: [OTR-users] otr key problem Message-ID: <8E089A182D0144ADB76C003676C83EE3.MAI@areshosting.com> i am using gaim v1.5.0 and the latest otr release .. the problem i am facing is that i was able to use otr from a different machine and now i cannot generate keys.. it says generating ... and then says OK. but there are no Keys. when i attempt to make a private conversation it automatically tries to generate a key says OK and then with every message it again tries to generate a key and says OK but actually fails. Is there a workaround for this ? i uninstalled otr and reinstalled it but no luck. From ian at cypherpunks.ca Sat Dec 10 21:53:38 2005 From: ian at cypherpunks.ca (Ian Goldberg) Date: Sat, 10 Dec 2005 21:53:38 -0500 Subject: [OTR-users] otr key problem In-Reply-To: <8E089A182D0144ADB76C003676C83EE3.MAI@areshosting.com> References: <8E089A182D0144ADB76C003676C83EE3.MAI@areshosting.com> Message-ID: <20051211025338.GH4463@smtp.paip.net> On Sun, Dec 11, 2005 at 04:10:47AM +0200, tirali at dmreklam.com wrote: > i am using gaim v1.5.0 and the latest otr release .. the problem i am > facing is that i was able to use otr from a different machine and now > i cannot generate keys.. it says generating ... and then says OK. but > there are no Keys. when i attempt to make a private conversation it > automatically tries to generate a key says OK and then with every > message it again tries to generate a key and says OK but actually > fails. Is there a workaround for this ? i uninstalled otr and > reinstalled it but no luck. It sounds like you don't have the right permissions to save the private keys file for some reason. What OS is this? If it's *nix, what does "ls -al ~/.gaim" say? If it's Windows, I'm not sure what the equivalent thing is. - Ian From CLAY at BROKENLADDER.COM Fri Dec 16 14:21:47 2005 From: CLAY at BROKENLADDER.COM (CLAY SHENTRUP) Date: Fri, 16 Dec 2005 11:21:47 -0800 Subject: [OTR-users] jabber jingle Message-ID: <9129d8bb0512161121p64da64f0ic60ca9d070d36fe5@mail.gmail.com> Well, after all the evangelism I've done in support of SIP for IP telephony, it turns out that Google has backed open extensions to XMPP (Jabber) to enabled voip. Not only is this essentially what's already used in Google Talk (which will eventually be totally open and compatible with other Jabber networks), it's simple to implement (much simpler than SIP) and better with firewalls. Gaim 2 is supposed to support Jingle eventually, using none other than libjingle. I think it would be awesome to see the fundamentals of OTR applied to this in some way that is suitable for voice. Is this anything any of the developers think would be interesting? My opinion is that with Google backing it, and with its open nature, Jingle looks like it's going to be the eventual de facto standard for VoIP. Maybe that's premature, but it makes a lot of sense. Gaim 2 is supposed to be wicked. OTR supplemented VoIP would be even more wicked. Thanks, Clay -- Here's an idea that would save the world: I think, we should get some large magnetic rings and attach wires to them such that one wire is attached to each of a set of two magnetic rings in opposing polarity. Then, we should dig up everyone that was a great thinker of the enlightenment and dip them in molten iron. After that, following Maxwell's famous equations, we'll just tell that girl and all the other stupids that we prayed for it to happen and jebus made it work, we'll put all of our iron covered thinkers of the enlightenment back in their graves inside the magnetic rings. Once there, the combined speed with which they turn will be enough to ween us off fossil fuels. ?NATE OBORNY, TALKING ABOUT A GIRL WHO DOESN'T BELIEVE IN GLOBAL WARMING -------------- next part -------------- An HTML attachment was scrubbed... URL: From gmaxwell at gmail.com Fri Dec 16 16:38:04 2005 From: gmaxwell at gmail.com (Gregory Maxwell) Date: Fri, 16 Dec 2005 16:38:04 -0500 Subject: [OTR-users] jabber jingle In-Reply-To: <9129d8bb0512161121p64da64f0ic60ca9d070d36fe5@mail.gmail.com> References: <9129d8bb0512161121p64da64f0ic60ca9d070d36fe5@mail.gmail.com> Message-ID: On 12/16/05, CLAY SHENTRUP wrote: > Well, after all the evangelism I've done in support of SIP for IP telephony, > it turns out that Google has backed open extensions to XMPP (Jabber) to > enabled voip. Not only is this essentially what's already used in Google > Talk (which will eventually be totally open and compatible with other Jabber > networks), it's simple to implement (much simpler than SIP) and better with > firewalls. > > Gaim 2 is supposed to support Jingle eventually, using none other than > libjingle. I think it would be awesome to see the fundamentals of OTR > applied to this in some way that is suitable for voice. Is this anything > any of the developers think would be interesting? > > My opinion is that with Google backing it, and with its open nature, Jingle > looks like it's going to be the eventual de facto standard for VoIP. Maybe > that's premature, but it makes a lot of sense. Gaim 2 is supposed to be > wicked. OTR supplemented VoIP would be even more wicked. I think cryptography for voice is essential. Unfortunate the reality of things is such that we really can't provide the same cryptographic behavior in regard to repudiation with voice that we can provide with IM. It would not be much work to use an OTR protected channel to exchange a session key for voice, but care must be taken to ensure that the session key does not reduce the repudiation for the voice call. Lobbying should be done with google *now* to make sure the right support is in place in the majority of the clients for encrypted voice. From CLAY at BROKENLADDER.COM Sat Dec 17 03:30:53 2005 From: CLAY at BROKENLADDER.COM (CLAY SHENTRUP) Date: Sat, 17 Dec 2005 00:30:53 -0800 Subject: [OTR-users] jabber jingle In-Reply-To: References: <9129d8bb0512161121p64da64f0ic60ca9d070d36fe5@mail.gmail.com> <9129d8bb0512161343n139b81a4v1ef1b9ea86308f4b@mail.gmail.com> <9129d8bb0512170004w4ae4e9cbv8d0459b0445f10b4@mail.gmail.com> Message-ID: <9129d8bb0512170030r7fcd6e68h4cab20a9620ff86@mail.gmail.com> I don't think this makes sense, but I'm too exhausted right now to have a clear mind and analyze it. Ian? Anyone? -Clay On 12/17/05, Gregory Maxwell wrote: > > On 12/17/05, CLAY SHENTRUP wrote: > > dude, the recording of the call would be stronger proof than any keys > would > > be. it would be easier to steal his private keys and impersonate him > than > > fake his voice. > > Alice (the secret police) can only record the encrypted call. She > knows the Bob sent some bytes but can't prove what they mean. Alice > doesn't trust trent completely... which is why she doesn't just take > his word for it when he says bob was planning on overthrowing the > government. > > With OTR on text, trent can give alice a decrypted copy of a message > and the session key used to encrypt that message... and Alice, even > though she has a recording of the encrypted data , can't be completely > sure that Trent isn't framing Bob. ... this is because there is a high > ratio of key data to transmitted messages (because there is an eDH > exchange every message pair). Trent could have just searched for > session keys that caused bob's messages to decrypt to his choice of > text. Because the session key is a key to an AES stream cipher (and > not a onetime pad) this would require non trivial effort from trent, > but if the messages are short this stays within the realm of doubt. > > The same protection isn't available for voice. > -- Here's an idea that would save the world: I think, we should get some large magnetic rings and attach wires to them such that one wire is attached to each of a set of two magnetic rings in opposing polarity. Then, we should dig up everyone that was a great thinker of the enlightenment and dip them in molten iron. After that, following Maxwell's famous equations, we'll just tell that girl and all the other stupids that we prayed for it to happen and jebus made it work, we'll put all of our iron covered thinkers of the enlightenment back in their graves inside the magnetic rings. Once there, the combined speed with which they turn will be enough to ween us off fossil fuels. ?NATE OBORNY, TALKING ABOUT A GIRL WHO DOESN'T BELIEVE IN GLOBAL WARMING -------------- next part -------------- An HTML attachment was scrubbed... URL: From CLAY at BROKENLADDER.COM Sat Dec 17 05:51:58 2005 From: CLAY at BROKENLADDER.COM (CLAY SHENTRUP) Date: Sat, 17 Dec 2005 02:51:58 -0800 Subject: [OTR-users] jabber jingle In-Reply-To: <9129d8bb0512170102u78a1e63bp80259d2ae5280f2f@mail.gmail.com> References: <9129d8bb0512161121p64da64f0ic60ca9d070d36fe5@mail.gmail.com> <9129d8bb0512161343n139b81a4v1ef1b9ea86308f4b@mail.gmail.com> <9129d8bb0512170102u78a1e63bp80259d2ae5280f2f@mail.gmail.com> Message-ID: <9129d8bb0512170251m6011ee64i9c8a4021d0a64a62@mail.gmail.com> > Lets assume Bob is communicates with Trent. Alice is an evil > oppressive government to records all communications. Trent later > becomes a traitor and turns over his his session keys to Alice. There > is no way that alice can directly prove that the session key was the > one bob agreed to, however the session key successfully converts the > data alice captured into something that sounds a lot like bob. The > probability of Trent finding some key which decrypts to something that > sounds like bob talking about something other than what he actually > said is infinitesimal Okay, you're throwing me with your misuse of Alice here. But if Alice indeed observed all of the communication, even if it was text, then they would see the encrypted messages coming from Bob, as well as his signed DH half key. If Trent could produce a private DH value that in conjunction with Bob's public key would produce a key that Trent has, which would decrypt the recorded message to something recognizable, then I think that would give Alice (or Mr. Charrington if you like) the means to know prove that Bob said what he said. I think the plausible deniability is only if you weren't observed in the act. In the limit, your example relies upon recognizing Bob's voice, which would give the same certainty that it was Bob, even if the message was never ecrypted. So what does OTR have to do with that? -- Here's an idea that would save the world: I think, we should get some large magnetic rings and attach wires to them such that one wire is attached to each of a set of two magnetic rings in opposing polarity. Then, we should dig up everyone that was a great thinker of the enlightenment and dip them in molten iron. After that, following Maxwell's famous equations, we'll just tell that girl and all the other stupids that we prayed for it to happen and jebus made it work, we'll put all of our iron covered thinkers of the enlightenment back in their graves inside the magnetic rings. Once there, the combined speed with which they turn will be enough to ween us off fossil fuels. ?NATE OBORNY, TALKING ABOUT A GIRL WHO DOESN'T BELIEVE IN GLOBAL WARMING -------------- next part -------------- An HTML attachment was scrubbed... URL: From shane at shaneland.co.uk Sat Dec 17 12:41:35 2005 From: shane at shaneland.co.uk (Shane M. Coughlan) Date: Sat, 17 Dec 2005 17:41:35 +0000 Subject: [OTR-users] Making a distribution of Gaim with OTR preinstalled In-Reply-To: References: <9129d8bb0512161121p64da64f0ic60ca9d070d36fe5@mail.gmail.com> Message-ID: <43A44DCF.1010604@shaneland.co.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Hello OTR people! My name is Shane Coughlan, and I am a member of the Mobility Project. We're interested in bringing mobility and security closer together. We're working on a portable version of Gaim with OTR plugin preinstalled. It's a distribution designed to help people take their IM client with them on a USB stick. It's called Mobility IM distribution, and we have a beta online at http://mobility.shaneland.co.uk (early days yet). We're busy creating systems for verifying files and encrypting profiles (using a combination of file hashing technology and symmetric encryption from GnuPG), though that's not going to be ready for some months. Now, an issue we've noticed during our OTR test conversations is that long messages passing through Yahoo! (and possibly other networks) sometimes generate a loop. Gaim complains its a badly formed message, and it attempts (infinite loop) to resend the message. It's a little annoying, and does not occur when OTR is not enabled. Is there any way to stop this? In addition, are there any notices or documentation that we should include with our distribution to make it better for the public at large? Thanks for making OTR. It's a wonderful concept. Best regards Shane http://mobility.shaneland.co.uk I'm also a member of: Enigmail OpenPGP for Thunderbird http://enigmail.mozdev.org WinPT: http://www.winpt.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3-cvs-3966 (MingW32) iD8DBQFDpE3PTa6KuhPvdOoRA1RCAKCgF4ieGzMamfHmXPWdyBEppNLQ5ACghMJK 2vKjoAZwC3VBOgYK7FYppyM= =2jZ6 -----END PGP SIGNATURE----- From ian at cypherpunks.ca Sat Dec 17 13:04:07 2005 From: ian at cypherpunks.ca (Ian Goldberg) Date: Sat, 17 Dec 2005 13:04:07 -0500 Subject: [OTR-users] Making a distribution of Gaim with OTR preinstalled In-Reply-To: <43A44DCF.1010604@shaneland.co.uk> References: <9129d8bb0512161121p64da64f0ic60ca9d070d36fe5@mail.gmail.com> <43A44DCF.1010604@shaneland.co.uk> Message-ID: <20051217180406.GL4463@smtp.paip.net> On Sat, Dec 17, 2005 at 05:41:35PM +0000, Shane M. Coughlan wrote: > Now, an issue we've noticed during our OTR test conversations is that > long messages passing through Yahoo! (and possibly other networks) > sometimes generate a loop. Gaim complains its a badly formed message, > and it attempts (infinite loop) to resend the message. It's a little > annoying, and does not occur when OTR is not enabled. The "right" way to solve this is with fragmentation. gaim-otr-3.0.0 included support for assembling fragments, but not for generating them. There are two hard parts of fragmenting long messages: 1. How do you know what size of fragment to use? 2. Some networks have a rate-limiter that trips when you try to send messages (i.e. fragments) too quickly. The only plausible solution to #1 is icky (hard-code maximum sizes for each known network, ugh). The IM networks simply don't in general provide enough information to determine the maximum size at runtime. #2 is really a bug in gaim: it's already got code that's supposed to automatically throttle outgoing messages, based on the networks' reported rate limits, but, last I checked, it didn't work. Maybe the new gaim-2 has fixed it, though. It's definitely something we're keeping in mind, though. This is discussed from time to time on the otr-dev list. - Ian From eyv at cs.umn.edu Sun Dec 18 15:37:06 2005 From: eyv at cs.umn.edu (Eugene Y. Vasserman) Date: Sun, 18 Dec 2005 14:37:06 -0600 Subject: [OTR-users] Gaim2 and OTR3 In-Reply-To: <20051218114527.7897.82515.Mailman@brandeis.paip.net> References: <20051218114527.7897.82515.Mailman@brandeis.paip.net> Message-ID: <43A5C872.8080306@cs.umn.edu> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Hi All, So, the Gaim2 beta seems to be out. Would be nice to see a compatible OTR3. Then I can make a clean break from Gaim 1. :) Thanks very much for all your great work, Eugene - -- Eugene Y. Vasserman http://www.cs.umn.edu/~eyv/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFDpchy4S3hfPlRZlkRA91VAJ4hmIEWO9YP0VgvzEH0q/0z8EC8VACfVDg3 E/bX+5rmJ+ugZRDe/1UWvKM= =vX4c -----END PGP SIGNATURE----- From ian at cypherpunks.ca Sun Dec 18 17:54:15 2005 From: ian at cypherpunks.ca (Ian Goldberg) Date: Sun, 18 Dec 2005 17:54:15 -0500 Subject: [OTR-users] Gaim2 and OTR3 In-Reply-To: <43A5C872.8080306@cs.umn.edu> References: <20051218114527.7897.82515.Mailman@brandeis.paip.net> <43A5C872.8080306@cs.umn.edu> Message-ID: <20051218225415.GP4463@smtp.paip.net> On Sun, Dec 18, 2005 at 02:37:06PM -0600, Eugene Y. Vasserman wrote: > Hi All, > So, the Gaim2 beta seems to be out. Would be nice to see a compatible > OTR3. Then I can make a clean break from Gaim 1. :) > Thanks very much for all your great work, > Eugene I just checked in a patch (based on the one Dustin sent in) to make gaim-otr work with gaim2. When I checked earlier today, though, there wasn't a win32 build of gaim2 yet, so I can't build a win32 version of the plugin. - Ian From CLAY at BROKENLADDER.COM Sun Dec 18 20:01:19 2005 From: CLAY at BROKENLADDER.COM (CLAY SHENTRUP) Date: Sun, 18 Dec 2005 17:01:19 -0800 Subject: [OTR-users] Gaim2 and OTR3 In-Reply-To: <20051218225415.GP4463@smtp.paip.net> References: <20051218114527.7897.82515.Mailman@brandeis.paip.net> <43A5C872.8080306@cs.umn.edu> <20051218225415.GP4463@smtp.paip.net> Message-ID: <9129d8bb0512181701w651195c5l78b2d068ce0279a2@mail.gmail.com> Ian: I think I speak for the entire community when I say, you're a pimp. On 12/18/05, Ian Goldberg wrote: > > On Sun, Dec 18, 2005 at 02:37:06PM -0600, Eugene Y. Vasserman wrote: > > Hi All, > > So, the Gaim2 beta seems to be out. Would be nice to see a compatible > > OTR3. Then I can make a clean break from Gaim 1. :) > > Thanks very much for all your great work, > > Eugene > > I just checked in a patch (based on the one Dustin sent in) to make > gaim-otr work with gaim2. When I checked earlier today, though, there > wasn't a win32 build of gaim2 yet, so I can't build a win32 version of > the plugin. > > - Ian > _______________________________________________ > OTR-users mailing list > OTR-users at lists.cypherpunks.ca > http://lists.cypherpunks.ca/mailman/listinfo/otr-users > -- Here's an idea that would save the world: I think, we should get some large magnetic rings and attach wires to them such that one wire is attached to each of a set of two magnetic rings in opposing polarity. Then, we should dig up everyone that was a great thinker of the enlightenment and dip them in molten iron. After that, following Maxwell's famous equations, we'll just tell that girl and all the other stupids that we prayed for it to happen and jebus made it work, we'll put all of our iron covered thinkers of the enlightenment back in their graves inside the magnetic rings. Once there, the combined speed with which they turn will be enough to ween us off fossil fuels. ?NATE OBORNY, TALKING ABOUT A GIRL WHO DOESN'T BELIEVE IN GLOBAL WARMING -------------- next part -------------- An HTML attachment was scrubbed... URL: From eyv at cs.umn.edu Mon Dec 19 14:59:27 2005 From: eyv at cs.umn.edu (Eugene Y. Vasserman) Date: Mon, 19 Dec 2005 13:59:27 -0600 Subject: [OTR-users] Gaim2 and OTR3 In-Reply-To: <20051219114335.26905.65079.Mailman@brandeis.paip.net> References: <20051219114335.26905.65079.Mailman@brandeis.paip.net> Message-ID: <43A7111F.4030007@cs.umn.edu> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 I'm running the Windows build now. :) If you need testers, I'd be happy to test the Windows side. Thanks, Eugene On Sun, Dec 18, 2005 at 02:37:06PM -0600, Eugene Y. Vasserman wrote: >> Hi All, >> So, the Gaim2 beta seems to be out. Would be nice to see a compatible >> OTR3. Then I can make a clean break from Gaim 1. :) >> Thanks very much for all your great work, >> Eugene > I just checked in a patch (based on the one Dustin sent in) to make > gaim-otr work with gaim2. When I checked earlier today, though, there > wasn't a win32 build of gaim2 yet, so I can't build a win32 version of > the plugin. > > - Ian - -- Eugene Y. Vasserman http://www.cs.umn.edu/~eyv/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFDpxEf4S3hfPlRZlkRA27OAJ9Wl7tvSMIHYAn59ehCLjkg7vwzZwCePoJI 0KV9hgko8pSBN70W3bJX6rQ= =fbtX -----END PGP SIGNATURE----- From dguido at gmail.com Tue Dec 20 15:29:04 2005 From: dguido at gmail.com (Daniel Guido) Date: Tue, 20 Dec 2005 15:29:04 -0500 Subject: [OTR-users] Re: OTR-users digest, Vol 1 #138 - 1 msg In-Reply-To: <20051220113130.13077.64551.Mailman@brandeis.paip.net> References: <20051220113130.13077.64551.Mailman@brandeis.paip.net> Message-ID: <9c2204930512201229p346beb76i7c34b38a80c0d3e2@mail.gmail.com> Windows builds are available here: http://geddeth.dk/downloads/gaim/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From ian at cypherpunks.ca Tue Dec 20 15:39:53 2005 From: ian at cypherpunks.ca (Ian Goldberg) Date: Tue, 20 Dec 2005 15:39:53 -0500 Subject: [OTR-users] Re: OTR-users digest, Vol 1 #138 - 1 msg In-Reply-To: <9c2204930512201229p346beb76i7c34b38a80c0d3e2@mail.gmail.com> References: <20051220113130.13077.64551.Mailman@brandeis.paip.net> <9c2204930512201229p346beb76i7c34b38a80c0d3e2@mail.gmail.com> Message-ID: <20051220203953.GX4463@smtp.paip.net> On Tue, Dec 20, 2005 at 03:29:04PM -0500, Daniel Guido wrote: > Windows builds are available here: http://geddeth.dk/downloads/gaim/ I've sent a version of gaim-otr.dll for gaim-2.x to Paul for packaging. We should have a version for people to try out soon. Thanks, - Ian From ian at cypherpunks.ca Wed Dec 21 16:11:29 2005 From: ian at cypherpunks.ca (Ian Goldberg) Date: Wed, 21 Dec 2005 16:11:29 -0500 Subject: [OTR-users] Gaim2 and OTR3 In-Reply-To: <43A7111F.4030007@cs.umn.edu> References: <20051219114335.26905.65079.Mailman@brandeis.paip.net> <43A7111F.4030007@cs.umn.edu> Message-ID: <20051221211129.GE4463@smtp.paip.net> On Mon, Dec 19, 2005 at 01:59:27PM -0600, Eugene Y. Vasserman wrote: > I'm running the Windows build now. :) > If you need testers, I'd be happy to test the Windows side. OK, Paul's packaged up a win32 version of gaim2-otr: http://otr.cypherpunks.ca/binaries/windows/gaim2-otr-3.0.0.exe Try it out, and let us know what's up. Thanks, - Ian From firefox-gen at walala.org Thu Dec 22 23:52:05 2005 From: firefox-gen at walala.org (A. Bourdon) Date: Thu, 22 Dec 2005 23:52:05 -0500 Subject: [OTR-users] Glib 2.0+ compile error w/ OTR 3.0 Message-ID: <20051222235205.v1pkveuddlw00oc4@www.libertarianactivism.com> Hi all. I'm new to the mailing list here (obviously). I've been using OTR for GAIM on Win32 for a while now with no problems- very good programming! However, I just tried compiling the latest 3.0 verion for Linux (SuSE 10.0 Pro in my case) and have run into a small but aparently critical problem. All libraries appear to be installed, and my Glib version is 2.8.1-3.i586, higher than the >= 2.4 version required by the configure script. Even so, I get the following error output: checking for libgcrypt-config... /usr/local/bin/libgcrypt-config checking for LIBGCRYPT - version >= 1.2.0... yes checking LIBGCRYPT API version... okay checking for libotr CFLAGS... checking for libotr LIBS... -lotr checking for libotr headers version 3.x >= 3.0.0... found. checking for otrl_message_receiving in -lotr... yes checking for pkg-config... /usr/bin/pkg-config checking for glib-2.0 >= 2.4 gtk+-2.0 >= 2.4 gaim >= 1.0... configure: error: glib ./configure: line 19502: exit: gtk: numeric argument required ./configure: line 19502: exit: gtk: numeric argument required Any ideas? I've never seen this specific error with any other software I've ever compiled... Thanks, Andrew From kat at paip.net Fri Dec 23 00:03:52 2005 From: kat at paip.net (Kat Hanna) Date: Fri, 23 Dec 2005 00:03:52 -0500 (EST) Subject: [OTR-users] Glib 2.0+ compile error w/ OTR 3.0 In-Reply-To: <20051222235205.v1pkveuddlw00oc4@www.libertarianactivism.com> References: <20051222235205.v1pkveuddlw00oc4@www.libertarianactivism.com> Message-ID: On Thu, 22 Dec 2005, A. Bourdon wrote: > Hi all. I'm new to the mailing list here (obviously). I've been using OTR for > GAIM on Win32 for a while now with no problems- very good programming! However, > I just tried compiling the latest 3.0 verion for Linux (SuSE 10.0 Pro in my > case) and have run into a small but aparently critical problem. All libraries > appear to be installed, and my Glib version is 2.8.1-3.i586, higher than the >= > 2.4 version required by the configure script. Even so, I get the following error > output: > > checking for libgcrypt-config... /usr/local/bin/libgcrypt-config > checking for LIBGCRYPT - version >= 1.2.0... yes > checking LIBGCRYPT API version... okay > checking for libotr CFLAGS... > checking for libotr LIBS... -lotr > checking for libotr headers version 3.x >= 3.0.0... found. > checking for otrl_message_receiving in -lotr... yes > checking for pkg-config... /usr/bin/pkg-config > checking for glib-2.0 >= 2.4 gtk+-2.0 >= 2.4 gaim >= 1.0... configure: error: > glib > ./configure: line 19502: exit: gtk: numeric argument required > ./configure: line 19502: exit: gtk: numeric argument required Can you post line 19502? Do you have -devel packages for glib and gtk installed? Thanks. -Kat From CLAY at BROKENLADDER.COM Wed Dec 28 16:30:07 2005 From: CLAY at BROKENLADDER.COM (CLAY SHENTRUP) Date: Wed, 28 Dec 2005 13:30:07 -0800 Subject: [OTR-users] JEP-0116 Message-ID: <9129d8bb0512281330y8f8c6b1s779a96e1a12277c7@mail.gmail.com> I was wondering whether Ian or anyone else could be convinced to implement XMPP extension JEP-0116 in Gaim, an OTR-like encryption scheme at the protocol level for Jabber. I think applicability to Jingle would also be quite important, for voice transactions. I'm willing to donate 200$ to anyone who will do this, and hopefully others will find it valuable and help as well. I haven't read through the spec thoroughly, so I'm only assuming it handles hurdles previously crossed by OTR (like the false identity exploit). I understand you're aware of these extension, Ian, and I wondered whether you have any thoughts about this. OTR is a great system, but is sort of a hack, using white spacing and such to work with a range of protocols. Something that would work at the protocol level, as well as address voice, would be quite desirable. Thanks, Clay -- Here's an idea that would save the world: I think, we should get some large magnetic rings and attach wires to them such that one wire is attached to each of a set of two magnetic rings in opposing polarity. Then, we should dig up everyone that was a great thinker of the enlightenment and dip them in molten iron. After that, following Maxwell's famous equations, we'll just tell that girl and all the other stupids that we prayed for it to happen and jebus made it work, we'll put all of our iron covered thinkers of the enlightenment back in their graves inside the magnetic rings. Once there, the combined speed with which they turn will be enough to ween us off fossil fuels. ?NATE OBORNY, TALKING ABOUT A GIRL WHO DOESN'T BELIEVE IN GLOBAL WARMING -------------- next part -------------- An HTML attachment was scrubbed... URL: