From CLAY at BROKENLADDER.COM Sat Nov 5 01:20:28 2005
From: CLAY at BROKENLADDER.COM (CLAY SHENTRUP)
Date: Fri, 4 Nov 2005 22:20:28 -0800
Subject: [OTR-users] gaim-otr and otrproxy beta 2
In-Reply-To: <20051027193825.GN847@smtp.paip.net>
References: <20051016211421.GT847@smtp.paip.net> <20051027172824.GI847@smtp.paip.net> <9129d8bb0510271106p7b214626v660f9eecb6c5dd5c@mail.gmail.com> <20051027182957.GK847@smtp.paip.net> <9129d8bb0510271151j31e6fea1jdfc8d8c3bb46c8e6@mail.gmail.com> <9129d8bb0510271155l3e5a200byc1b5c8c5ffa9e23b@mail.gmail.com> <20051027193825.GN847@smtp.paip.net>
Message-ID: <9129d8bb0511042220i61ba2621j9683fe353df1cddd@mail.gmail.com>

why has the page not been updated with links to the betas? i'm trying to sell carnegie-mellon on otr but the page still mentions the security flaw.

clay

From ian at cypherpunks.ca Sun Nov 6 15:49:10 2005
From: ian at cypherpunks.ca (Ian Goldberg)
Date: Sun, 6 Nov 2005 15:49:10 -0500
Subject: [OTR-users] gaim-otr and otrproxy beta 2
In-Reply-To: <9129d8bb0511042220i61ba2621j9683fe353df1cddd@mail.gmail.com>
References: <20051016211421.GT847@smtp.paip.net> <20051027172824.GI847@smtp.paip.net> <9129d8bb0510271106p7b214626v660f9eecb6c5dd5c@mail.gmail.com> <20051027182957.GK847@smtp.paip.net> <9129d8bb0510271151j31e6fea1jdfc8d8c3bb46c8e6@mail.gmail.com> <9129d8bb0510271155l3e5a200byc1b5c8c5ffa9e23b@mail.gmail.com> <20051027193825.GN847@smtp.paip.net> <9129d8bb0511042220i61ba2621j9683fe353df1cddd@mail.gmail.com>
Message-ID: <20051106204910.GC847@smtp.paip.net>

On Fri, Nov 04, 2005 at 10:20:28PM -0800, CLAY SHENTRUP wrote:
> why has the page not been updated with links to the betas?

The betas weren't meant for random people to download; just this list. We were waiting to update the web page until the official release, which happened yesterday.

> i'm trying to
> sell carnegie-mellon on otr but the page still mentions the security flaw.
Funny coincidence; I was just there a couple of weeks ago, giving a talk on OTR to the CyLab / ISRI Seminar Series.

   - Ian

From CLAY at BROKENLADDER.COM Mon Nov 7 12:57:49 2005
From: CLAY at BROKENLADDER.COM (CLAY SHENTRUP)
Date: Mon, 7 Nov 2005 09:57:49 -0800
Subject: [OTR-users] installing for windows..
Message-ID: <9129d8bb0511070957o349aed8bkbdd802a8a4fa94d5@mail.gmail.com>

the otr installer won't work for me because i don't have gaim "installed". i have it in installed to my personal account. is there any way to just get the .dll?

also, did anyone figure out how to run gaim + otr on a flash drive? i'm interested in doing that, but i don't know whether the path gaim uses to look for plugins is absolute, relative to home, or relative to the working directory.

thanks,
clay

--
XEROX COLOR LASER PRINTERS PRINT A SERIES OF SECRET DOTS ON EVERY PAGE THAT IDENTIFY THE TIME AND DATE YOU PRINTED A DOCUMENT PLUS THE SERIAL NUMBER OF THE PRINTER YOU USED.

From paul at cypherpunks.ca Mon Nov 7 13:10:10 2005
From: paul at cypherpunks.ca (Paul Wouters)
Date: Mon, 7 Nov 2005 19:10:10 +0100 (CET)
Subject: [OTR-users] Re: [OTR-announce] New OTR software now online
In-Reply-To: <20051105222604.GY847@smtp.paip.net>
References: <20051105222604.GY847@smtp.paip.net>
Message-ID:

On Sat, 5 Nov 2005, Ian Goldberg wrote:
> The new versions of libotr, gaim-otr, and otrproxy are now online, in
> source form, and as Windows installers. The Fedora binaries are on
> their way. Other package maintainers, start your engines. ;-)

libotr and gaimotr packages have just been built on the Fedora Extra build system and should find its way to the mirrors in the next 24 hours.

On Fedora Core 4, yum comes preconfigured with Fedora Extras.
On Fedora Core 3, you need to add the Extras repository to yum:

[extras]
name=Fedora Extras $releasever - $basearch
mirrorlist=http://fedora.redhat.com/download/mirrors/fedora-extras-$releasever
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-extras
gpgcheck=1

If you want to get them before they've hit the mirrors, use:

ftp://ftp.xelerance.com:/mirror/otr/binaries/fedora/

(note those rpms are signed by me, while the fedora extra rpms are signed by the fedora key)

Paul

From paul at cypherpunks.ca Mon Nov 7 14:25:39 2005
From: paul at cypherpunks.ca (Paul Wouters)
Date: Mon, 7 Nov 2005 20:25:39 +0100 (CET)
Subject: [OTR-users] installing for windows..
In-Reply-To: <9129d8bb0511070957o349aed8bkbdd802a8a4fa94d5@mail.gmail.com>
References: <9129d8bb0511070957o349aed8bkbdd802a8a4fa94d5@mail.gmail.com>
Message-ID:

On Mon, 7 Nov 2005, CLAY SHENTRUP wrote:
> the otr installer won't work for me because i don't have gaim "installed". i
> have it in installed to my personal account. is there any way to just get
> the .dll?

That should work as well. What is the error you are seeing? I'll try this out myself in the next few days as well.

> also, did anyone figure out how to run gaim + otr on a flash drive? i'm
> interested in doing that, but i don't know whether the path gaim uses to
> look for plugins is absolute, relative to home, or relative to the working
> directory.

I am not sure how gaim does that for windows. Perhaps the sourceforge page has some details on that?

Paul

From CLAY at BROKENLADDER.COM Thu Nov 10 14:47:37 2005
From: CLAY at BROKENLADDER.COM (CLAY SHENTRUP)
Date: Thu, 10 Nov 2005 11:47:37 -0800
Subject: [OTR-users] generating keys
Message-ID: <9129d8bb0511101147q1c6cbd78j1f5c32fc7286b08f@mail.gmail.com>

first of all, i've been meaning to ask why there is more than one key in gaim; one for every account. i always manually make them all the same by editing the private keys file.
it would be nice to be able to set it to just use one key per user per host.

but one thing i just had happen, which was really weird, is that i was using an account that already has a key, and a new key was generated, obviously foreign to my friend. i closed gaim and removed the new key from the key file, and restarted..and everything worked fine. so why did it just add a new key in the first place?! bizarre.

clay

--
XEROX COLOR LASER PRINTERS PRINT A SERIES OF SECRET DOTS ON EVERY PAGE THAT IDENTIFY THE TIME AND DATE YOU PRINTED A DOCUMENT PLUS THE SERIAL NUMBER OF THE PRINTER YOU USED.

From CLAY at BROKENLADDER.COM Thu Nov 10 15:30:31 2005
From: CLAY at BROKENLADDER.COM (CLAY SHENTRUP)
Date: Thu, 10 Nov 2005 12:30:31 -0800
Subject: [OTR-users] generating keys
Message-ID: <9129d8bb0511101230tdb516f0i2083904f96d666bd@mail.gmail.com>

i think i found a pattern here. every time i change the resource name, say from work to home, that causes a new key to be generated. now i've already stated that i think it's bad to generate a different key for every account, as opposed to a per user/machine. but i'm sure there's some reason for this to account for the extra verification that has to take place (that drives my friends nuts!).

however, i think most people would agree that a new key just for changing the resource name on the same account is taking it a little too far. and besides, "resource" is basically tied to the local device. it makes sense if i have a different key for my usb drive, with the resource as "FLASH DRIVE", than the one on my home machine where the resource is "HOME". but how would it make sense to have two different keys for two different resources for the same account on the same device?

am i making any sense here?
thanks,
clay

--
XEROX COLOR LASER PRINTERS PRINT A SERIES OF SECRET DOTS ON EVERY PAGE THAT IDENTIFY THE TIME AND DATE YOU PRINTED A DOCUMENT PLUS THE SERIAL NUMBER OF THE PRINTER YOU USED.

From ian at cypherpunks.ca Thu Nov 10 15:29:22 2005
From: ian at cypherpunks.ca (Ian Goldberg)
Date: Thu, 10 Nov 2005 15:29:22 -0500
Subject: [OTR-users] generating keys
In-Reply-To: <9129d8bb0511101147q1c6cbd78j1f5c32fc7286b08f@mail.gmail.com>
References: <9129d8bb0511101147q1c6cbd78j1f5c32fc7286b08f@mail.gmail.com>
Message-ID: <20051110202922.GW847@smtp.paip.net>

On Thu, Nov 10, 2005 at 11:47:37AM -0800, CLAY SHENTRUP wrote:
> first of all, i've been meaning to ask why there is more than one key in
> gaim; one for every account. i always manually make them all the same by
> editing the private keys file. it would be nice to be able to set it to just
> use one key per user per host.

Different accounts have different keys, because people may not want it to be obvious that accounts X and Y actually belong to the same person.

You can just put a couple of extra lines on your web page, like this:

http://r6.ca/russellotr.asc

> but one thing i just had happen, which was really weird, is that i was using
> an account that already has a key, and a new key was generated, obviously
> foreign to my friend. i closed gaim and removed the new key from the key
> file, and restarted..and everything worked fine. so why did it just add a
> new key in the first place?! bizarre.

The most probable thing that jumps to mind is that when you edited the private keys file by hand, you ended up with an invalid key somewhere (a mismatched paren, possibly). When the new key was created, the keys file would have been rewritten correctly.

Would that match the behaviour you saw?
   - Ian

From CLAY at BROKENLADDER.COM Thu Nov 10 16:06:37 2005
From: CLAY at BROKENLADDER.COM (CLAY SHENTRUP)
Date: Thu, 10 Nov 2005 13:06:37 -0800
Subject: [OTR-users] key confusion
Message-ID: <9129d8bb0511101306h4e30bfa0hf33c06053782a0a2@mail.gmail.com>

now i just had this problem where i already had a verified key fingerprint for my friend, and otr popped up when i started a session with him, telling me he was using an unrecognized fingerprint. so i looked in my known fingerprints list, and it was already in there and added a second time. when that session was over with, i "forgot" the new copy, and restarted gaim. the fingerprint was in my list. i started a session with him again, and it was added again, so again there were two copies of it. eventually i just forgot the old copy and just settled on the new (identical) one.

i also kept getting this error like, "sent improperly formed encrypted message" or something to that effect.

sounds like we got some bugs to work out.

thanks
clay

--
XEROX COLOR LASER PRINTERS PRINT A SERIES OF SECRET DOTS ON EVERY PAGE THAT IDENTIFY THE TIME AND DATE YOU PRINTED A DOCUMENT PLUS THE SERIAL NUMBER OF THE PRINTER YOU USED.

From CLAY at BROKENLADDER.COM Thu Nov 10 16:53:12 2005
From: CLAY at BROKENLADDER.COM (CLAY SHENTRUP)
Date: Thu, 10 Nov 2005 13:53:12 -0800
Subject: [OTR-users] generating keys
In-Reply-To: <20051110202922.GW847@smtp.paip.net>
References: <9129d8bb0511101147q1c6cbd78j1f5c32fc7286b08f@mail.gmail.com> <20051110202922.GW847@smtp.paip.net>
Message-ID: <9129d8bb0511101353k199d3d42k3159cdd5d3d920d7@mail.gmail.com>

>
> Different accounts have different keys, because people may not want it
> to be obvious that accounts X and Y actually belong to the same person.

like i said, i knew you'd have an explanation for this. it would be nice to be able to turn this feature off though.
You can just put a couple of extra lines on your web page, like this:
> http://r6.ca/russellotr.asc

that presumes one has a web page and that it is trustworthy. suppose the cia hacked it? not a great place to place trust imo. my solution of just manually altering the keys file seems to work well, because it doesn't force multiple voice verifications (phone calls).

> but one thing i just had happen, which was really weird, is that i was
> using
> > an account that already has a key, and a new key was generated,
> obviously
> > foreign to my friend. i closed gaim and removed the new key from the key
> > file, and restarted..and everything worked fine. so why did it just add
> a
> > new key in the first place?! bizarre.
>
> The most probable thing that jumps to mind is that when you edited the
> private keys file by hand, you ended up with an invalid key somewhere (a
> mismatched paren, possibly). When the new key was created, the keys
> file would have been rewritten correctly.

nope. what happened was the resource changed, like i explained in a later email.

thanks,
clay

From ian at cypherpunks.ca Thu Nov 10 17:05:18 2005
From: ian at cypherpunks.ca (Ian Goldberg)
Date: Thu, 10 Nov 2005 17:05:18 -0500
Subject: [OTR-users] generating keys
In-Reply-To: <9129d8bb0511101353k199d3d42k3159cdd5d3d920d7@mail.gmail.com>
References: <9129d8bb0511101147q1c6cbd78j1f5c32fc7286b08f@mail.gmail.com> <20051110202922.GW847@smtp.paip.net> <9129d8bb0511101353k199d3d42k3159cdd5d3d920d7@mail.gmail.com>
Message-ID: <20051110220518.GX847@smtp.paip.net>

On Thu, Nov 10, 2005 at 01:53:12PM -0800, CLAY SHENTRUP wrote:
> You can just put a couple of extra lines on your web page, like this:
> > http://r6.ca/russellotr.asc
>
>
> that presumes one has a web page and that it is trustworthy. suppose the cia
> hacked it? not a great place to place trust imo.
No, there's no problem, even if the CIA hacks it, since it's GPG-signed. What you're doing here is leveraging existing trust (GPG) to authenticate your new (OTR) keys. I agree that it's approximately pointless to put unsigned copies of your OTR keys on your webpage. But if you've got GPG, and you put up a signed copy, you'll never have to do the voice verification with your friends again (assuming they already trust your GPG key).

   - Ian

From CLAY at BROKENLADDER.COM Thu Nov 10 18:22:06 2005
From: CLAY at BROKENLADDER.COM (CLAY SHENTRUP)
Date: Thu, 10 Nov 2005 15:22:06 -0800
Subject: [OTR-users] generating keys
In-Reply-To: <20051110220518.GX847@smtp.paip.net>
References: <9129d8bb0511101147q1c6cbd78j1f5c32fc7286b08f@mail.gmail.com> <20051110202922.GW847@smtp.paip.net> <9129d8bb0511101353k199d3d42k3159cdd5d3d920d7@mail.gmail.com> <20051110220518.GX847@smtp.paip.net>
Message-ID: <9129d8bb0511101522s2244ffafl8a98b2484154a5b7@mail.gmail.com>

>
> I agree that it's approximately
> pointless to put unsigned copies of your OTR keys on your webpage.
> But if you've got GPG, and you put up a signed copy, you'll never have
> to do the voice verification with your friends again (assuming they
> already trust your GPG key).

kind of passing the buck eh? ;)

-clay

From paul at cypherpunks.ca Fri Nov 11 01:01:42 2005
From: paul at cypherpunks.ca (Paul Wouters)
Date: Fri, 11 Nov 2005 07:01:42 +0100 (CET)
Subject: automating GPG/OTR lookups, was Re: [OTR-users] generating keys
In-Reply-To: <20051110220518.GX847@smtp.paip.net>
References: <9129d8bb0511101147q1c6cbd78j1f5c32fc7286b08f@mail.gmail.com> <20051110202922.GW847@smtp.paip.net> <9129d8bb0511101353k199d3d42k3159cdd5d3d920d7@mail.gmail.com> <20051110220518.GX847@smtp.paip.net>
Message-ID:

On Thu, 10 Nov 2005, Ian Goldberg wrote:
> No, there's no problem, even if the CIA hacks it, since it's GPG-signed.
> What you're doing here is leveraging existing trust (GPG) to
> authenticate your new (OTR) keys. I agree that it's approximately
> pointless to put unsigned copies of your OTR keys on your webpage.
> But if you've got GPG, and you put up a signed copy, you'll never have
> to do the voice verification with your friends again (assuming they
> already trust your GPG key).

We need a plugin, I agree. The problem is that I'd like to be able to do the following:

- Automate key verification (requires some standard) (eg GPG signing, in some recognisable format)
- Not store all (signed) keys in one place preferably (but we could, since it is signed with). Distribution is good.

We could think of some 'standard way' of adding an "otr" identity to our existing GPG keys. I currently have multiple IDs with my key. They are currently all linking email identities. But it could also link an OTR identity. The information we need to put in such an additional PGP/GPG identity is:

1) Protocol / server (AIM, MSN, jabber at jabber.org, jabber at jabber.xs4all.nl)
2) IM name(s) (multiple in case of jabber? Or allow PaulWouters/* ?)
3) OTR fingerprint, [4) OTR version?].

Then we just need a plugin that queries GPG/PGP servers. I am not sure if we can do wildcard searches effectively on those servers, or whether we need to use OTR to inline communicate the GPG keyid that supposedly signed our OTR fingerprint. eg do a leap of faith and verify.

One thing that comes to mind is it creates cruft in the keyservers, but AFAIK those are being cleaned up in a way that 'any old data not resigned will be deleted', so that things like lost private keys will not clutter up the key servers. You would likely want to use reasonably short lived keys for this reason. You can't keep adding identities to your real key, it would become a mess.

So I think what we need is to create a subkey (or new GPG key especially for OTR) that is just signed by your real GPG/PGP key.
It can expire quickly, you can make a new one, and even revoke it if your OTR private key is stolen.

Is this scheme vulnerable to an attack? Are there potential key rollover issues? Will the GPG keyserver people hunt us down for doing this?

Paul

From CLAY at BROKENLADDER.COM Fri Nov 11 01:43:31 2005
From: CLAY at BROKENLADDER.COM (CLAY SHENTRUP)
Date: Thu, 10 Nov 2005 22:43:31 -0800
Subject: [OTR-users] the brotherhood
Message-ID: <9129d8bb0511102243m65eb2fc0i689aa75871d64d20@mail.gmail.com>

oh, and just a quick question. for anyone who's read 1984.. does a "brotherhood" exist?

my openpgp key

--
XEROX COLOR LASER PRINTERS PRINT A SERIES OF SECRET DOTS ON EVERY PAGE THAT IDENTIFY THE TIME AND DATE YOU PRINTED A DOCUMENT PLUS THE SERIAL NUMBER OF THE PRINTER YOU USED.

From paul at cypherpunks.ca Fri Nov 11 11:41:06 2005
From: paul at cypherpunks.ca (Paul Wouters)
Date: Fri, 11 Nov 2005 17:41:06 +0100 (CET)
Subject: automating GPG/OTR lookups, was Re: [OTR-users] generating keys
In-Reply-To: <9129d8bb0511102234i4d82f489m6f00a6fc2b6491ab@mail.gmail.com>
References: <9129d8bb0511101147q1c6cbd78j1f5c32fc7286b08f@mail.gmail.com> <20051110202922.GW847@smtp.paip.net> <9129d8bb0511101353k199d3d42k3159cdd5d3d920d7@mail.gmail.com> <20051110220518.GX847@smtp.paip.net> <9129d8bb0511102234i4d82f489m6f00a6fc2b6491ab@mail.gmail.com>
Message-ID:

On Thu, 10 Nov 2005, CLAY SHENTRUP wrote:
> my only point leading into this was simply, i don't want a different key
> made for every resource. there should just be one key generated per account
> per .gaim folder. this also makes sense with respect to the fact that
> non-jabber accounts don't even have "resource".

I think the only way to do this (of course assuming you want to publicly link your identity to an OTR identity to begin with) is to have one key with subkeys as identities.
> as for using gpg; if you want to do it, just put your pgp-signed otr
> fingerprint on your web site, or as an email attachment. wouldn't that
> suffice?

The whole point is that this approach does not automate in a plugin for people. I want the otr plugin to check my public pgp key ring, and then be able to automatically verify keys signed by people I trust through my web of trust. Eg If I have Ian's key, and i trust him fully, and he has signed Nikita's key, then if Nikita OTR's me, I want to see a verified fingerprint without me doing anything.

Paul

--
"Happiness is never grand" --- Mustapha Mond, World Controller (Brave New World)

From bdesham at gmail.com Fri Nov 11 22:45:51 2005
From: bdesham at gmail.com (Benjamin Esham)
Date: Fri, 11 Nov 2005 22:45:51 -0500
Subject: [OTR-users] Newbie questions about verifying your buddies' fingerprints
Message-ID:

Hello all,

I'm using the OTR plugin for Adium (so I'm using the older version of the OTR protocol). The idea of encrypted IMing is great, though I haven't yet been able to coerce any of my friends to convert to an OTR-capable IM client :-)

My question is this: I should be verifying my buddies' fingerprints before I start conversations, right? In other words, is OTR like OpenPGP to the extent that I need to verify that the key [fingerprint] really belongs to the buddy I think I'm talking to? This seems like a standard process for encrypted information exchange, but the website says nothing about confirming your buddy's fingerprint.

If it is true that you should verify your fingerprints, would it make sense (as another poster just asked) to publish my OTR fingerprint online, signed by my GPG key? (If /that/'s true, is there any particular reason why the window displaying the fingerprint in Adium won't allow the fingerprint to be copied, and even disappears when switching to another application?)

Thanks for answers to any of these questions!

--
Benjamin D.
Esham
bdesham at gmail.com | http://bdesham.net | AIM: bdesham128
Wikipedia, the Free Encyclopedia - http://en.wikipedia.org

From ian at cypherpunks.ca Fri Nov 11 22:53:57 2005
From: ian at cypherpunks.ca (Ian Goldberg)
Date: Fri, 11 Nov 2005 22:53:57 -0500
Subject: [OTR-users] Newbie questions about verifying your buddies' fingerprints
In-Reply-To:
References:
Message-ID: <20051112035357.GG847@smtp.paip.net>

On Fri, Nov 11, 2005 at 10:45:51PM -0500, Benjamin Esham wrote:
> Hello all,
>
> I'm using the OTR plugin for Adium (so I'm using the older version of
> the OTR protocol). The idea of encrypted IMing is great, though I
> haven't yet been able to coerce any of my friends to convert to an
> OTR-capable IM client :-)
>
> My question is this: I should be verifying my buddies' fingerprints
> before I start conversations, right? In other words, is OTR like
> OpenPGP to the extent that I need to verify that the key
> [fingerprint] really belongs to the buddy I think I'm talking to?
> This seems like a standard process for encrypted information
> exchange, but the website says nothing about confirming your buddy's
> fingerprint.

Everything you say is correct. In the new gaim-otr, there's more help text (both in an expander in the "unknown fingerprint" dialog, as well as in web-based help reachable from various places in the app) to explain the process.

> If it is true that you should verify your fingerprints, would it make
> sense (as another poster just asked) to publish my OTR fingerprint
> online, signed by my GPG key?

Yup, that's a perfectly reasonable thing to do. [Make sure to include your IM name and protocol along with the fingerprint in the signed message, though.]
> (If /that/'s true, is there any
> particular reason why the window displaying the fingerprint in Adium
> won't allow the fingerprint to be copied, and even disappears when
> switching to another application?)

Can't help you with that; I don't use OS X. Evan's responsible for the OTR integration in Adium X. Evan, can you speak to this issue?

   - Ian

From bdesham at gmail.com Sat Nov 12 00:28:11 2005
From: bdesham at gmail.com (Benjamin Esham)
Date: Sat, 12 Nov 2005 00:28:11 -0500
Subject: [OTR-users] Newbie questions about verifying your buddies' fingerprints
In-Reply-To: <20051112035357.GG847@smtp.paip.net>
References: <20051112035357.GG847@smtp.paip.net>
Message-ID: <8830734C-5CFF-4392-88F2-00FE679191A9@gmail.com>

Ian Goldberg wrote:

> Benjamin Esham wrote:
>
>> I should be verifying my buddies' fingerprints before I start
>> conversations, right? [snip]
>
> Everything you say is correct. In the new gaim-otr, there's more help
> text (both in an expander in the "unknown fingerprint" dialog, as
> well as
> in web-based help reachable from various places in the app) to
> explain the
> process.

OK. Maybe it's just because I'm using Adium and not Gaim, but in any event I never saw this part of the process explained.

>> If it is true that you should verify your fingerprints, would it make
>> sense (as another poster just asked) to publish my OTR fingerprint
>> online, signed by my GPG key?
>
> Yup, that's a perfectly reasonable thing to do. [Make sure to include
> your IM name and protocol along with the fingerprint in the signed
> message, though.]

OK, done :-)

>> (If /that/'s true, is there any particular reason why the window
>> displaying the fingerprint in Adium won't allow the fingerprint to be
>> copied, and even disappears when switching to another application?)
>
> Can't help you with that; I don't use OS X. Evan's responsible for
> the
> OTR integration in Adium X. Evan, can you speak to this issue?

To be fair, this is probably a bug, not an intended feature.
(It is a rather annoying bug, though; 40-character hashes sound like a great idea until you have to manually retype one, switching applications every 4 characters :-))

Thanks for clearing up these questions!

Cheers,
--
Benjamin D. Esham
bdesham at gmail.com | http://bdesham.net | AIM: bdesham128
"The wizards represent all that the true 'Muggle' most fears: They are plainly outcasts and comfortable with being so. Nothing is more unnerving to the truly conventional than the unashamed misfit!" - J.K. Rowling

From bdesham at gmail.com Sat Nov 12 10:53:03 2005
From: bdesham at gmail.com (Benjamin Esham)
Date: Sat, 12 Nov 2005 10:53:03 -0500
Subject: [OTR-users] Re: [OT] Getting people to switch to Jabber (was: Newbie questions about verifying your buddies' fingerprints)
In-Reply-To: <9129d8bb0511112205i23ec7d94p41071e70b2c100ee@mail.gmail.com>
References: <20051112035357.GG847@smtp.paip.net> <8830734C-5CFF-4392-88F2-00FE679191A9@gmail.com> <9129d8bb0511112205i23ec7d94p41071e70b2c100ee@mail.gmail.com>
Message-ID:

[re-cc'ing to list]

On Nov 12, 2005, at 1:05 AM, CLAY SHENTRUP wrote:

> if you want to be really elite, get a jabber address and give up on
> the
> proprietary obsolete protocols. ;)

You're talking about AIM, right? I try to use Jabber or Google Talk whenever possible, but as of yet none of my friends have a clue what either of those is. Some kind of grassroots campaign to get people to switch to Gaim and Jabber would be nice; the Firefox people seem to have been quite successful with Spread Firefox. I seem to remember something on Ross Burton's blog about a Jabber advocacy site, but AFAIK nothing ever happened with that.

Cheers,
--
Benjamin D. Esham
bdesham at gmail.com | http://bdesham.net | AIM: bdesham128
Wikipedia, the Free Encyclopedia -
http://en.wikipedia.org

From alaricx at gmail.com Sun Nov 13 16:23:19 2005
From: alaricx at gmail.com (Dustin Howett)
Date: Sun, 13 Nov 2005 16:23:19 -0500
Subject: [OTR-users] A source patch.. location?
Message-ID:

To whom or where would I send a gaim-2.0.0 compatibility patch? My modification causes me no trouble and I seek someone to send it to.

From ian at cypherpunks.ca Sun Nov 13 17:24:49 2005
From: ian at cypherpunks.ca (Ian Goldberg)
Date: Sun, 13 Nov 2005 17:24:49 -0500
Subject: [OTR-users] A source patch.. location?
In-Reply-To:
References:
Message-ID: <20051113222449.GL847@smtp.paip.net>

On Sun, Nov 13, 2005 at 04:23:19PM -0500, Dustin Howett wrote:
> To whom or where would I send a gaim-2.0.0 compatibility patch? My
> modification causes me no trouble and I seek someone to send it to.

Either the dev team at , or the otr-dev mailing list at .

   - Ian

From CLAY at BROKENLADDER.COM Thu Nov 17 02:34:53 2005
From: CLAY at BROKENLADDER.COM (CLAY SHENTRUP)
Date: Wed, 16 Nov 2005 23:34:53 -0800
Subject: [OTR-users] gaim 2.0
Message-ID: <9129d8bb0511162334j22400b7fya9360afc32ac05f4@mail.gmail.com>

just a heads up, gaim 2.0 will be out in a couple months. will otr be modified to compile for it?

it will support sip. any chance the otr devs might be up for adding some srtp goodness to that? :) the important thing is that the key exchange is done through diffie-hellman, and usable regardless of whether you've verified the "fingerprints". so far you have to use "certificates" for srtp sessions in every client i've seen. this is bad bad business.

thanks,
clay

--
XEROX COLOR LASER PRINTERS PRINT A SERIES OF SECRET DOTS ON EVERY PAGE THAT IDENTIFY THE TIME AND DATE YOU PRINTED A DOCUMENT PLUS THE SERIAL NUMBER OF THE PRINTER YOU USED.
From ian at cypherpunks.ca Thu Nov 17 08:51:57 2005
From: ian at cypherpunks.ca (Ian Goldberg)
Date: Thu, 17 Nov 2005 08:51:57 -0500
Subject: [OTR-users] gaim 2.0
In-Reply-To: <9129d8bb0511162334j22400b7fya9360afc32ac05f4@mail.gmail.com>
References: <9129d8bb0511162334j22400b7fya9360afc32ac05f4@mail.gmail.com>
Message-ID: <20051117135157.GO847@smtp.paip.net>

On Wed, Nov 16, 2005 at 11:34:53PM -0800, CLAY SHENTRUP wrote:
> just a heads up, gaim 2.0 will be out in a couple months. will otr be
> modified to compile for it?

It will be. Someone's sent in a patch; we'll be working it out over on the otr-dev list.

> it will support sip. any chance the otr devs might be up for adding some
> srtp goodness to that? :) the important thing is that the key exchange is
> done through diffie-hellman, and usable regardless of whether you've
> verified the "fingerprints". so far you have to use "certificates" for srtp
> sessions in every client i've seen. this is bad bad business.

No promises. ;-)

Note that just because a protocol uses Diffie-Hellman doesn't give it all the same privacy properties as OTR. It may not provide the same deniability aspects, and if the D-H is only done once per session, your forward secrecy window may be very large. It may not even provide authentication! [Trillian's SecureIM falls into this category, for example.] If you don't have something like a certificate for the guy at the other end, how do you know it's really him, and not a man-in-the-middle passing your traffic back and forth (reading it along the way)?
   - Ian

From CLAY at BROKENLADDER.COM Thu Nov 17 15:03:54 2005
From: CLAY at BROKENLADDER.COM (CLAY SHENTRUP)
Date: Thu, 17 Nov 2005 12:03:54 -0800
Subject: [OTR-users] gaim 2.0
In-Reply-To: <20051117135157.GO847@smtp.paip.net>
References: <9129d8bb0511162334j22400b7fya9360afc32ac05f4@mail.gmail.com> <20051117135157.GO847@smtp.paip.net>
Message-ID: <9129d8bb0511171203w1696b29ar4cfad1c4777b83fd@mail.gmail.com>

>
> It may not provide the same deniability aspects

the third type of mikey key agreement uses signed diffie-hellman "half-keys", like otr. perfect forward secrecy, and plausible deniability. granted though, it may not use a type of aes where a substitution is plausible. of course, your voice is hard to deny anyway.

> and if the D-H is only done once
> per session, your forward secrecy window may be very large.

rfc 3711 states:

   SRTP provides for some additional features. They have been introduced to lighten the burden on key management and to further increase security. They include:

   * A single "master key" can provide keying material for confidentiality and integrity protection, both for the SRTP stream and the corresponding SRTCP stream. This is achieved with a key derivation function (see Section 4.3), providing "session keys" for the respective security primitive, securely derived from the master key.

   * In addition, the key derivation can be configured to periodically refresh the session keys, which limits the amount of ciphertext produced by a fixed key, available for an adversary to cryptanalyze.

   * "Salting keys" are used to protect against pre-computation and time-memory tradeoff attacks [MF00] [BS00].

It may not even provide authentication!

mikey has three key agreement schemes, the third of which is similar to OTR, in that diffie-hellman is used with signed "half keys". the frustrating thing though, is that it uses "certificates", which have to be verifiable with some cert authority presumably.
my feeling is that it should work like OTR, where even if you don't verify the fingerprint, it still "works", but just says "unauthenticated". and if you push some button on your phone, you can view either your session id hash or your fingerprint, and speak it to someone whose voice you know, to rule out a mim.

one frustrating feature of minisip, is that it won't let you choose that type of mikey key agreement without putting in a digital cert first. argghhhhh..

this document describes some alteration of this third scheme, to avoid the need for public keys. but i don't know how "keyed hashes" can remove the need for some sort of digital signature of the public dh generator "half keys".

otr is fine and all, but when i get a little money saved up, and really get my underground anti-government resistance up and running, i want hard core deniable authenticated sip calls. i just wish the people behind srtp/mikey were as brilliant as you, ian.

and back to the gaim issue. i guess their sip support will just be for text atm. funny, since instant messaging in sip is more of an afterthought, and nowhere near as robust as jabber. their voice support will be compatible with google talk..a proprietary system that google promises to switch to sip eventually anyway. argghhhh.

thanks for the response,
clay

From gmaxwell at gmail.com Thu Nov 17 15:50:11 2005
From: gmaxwell at gmail.com (Gregory Maxwell)
Date: Thu, 17 Nov 2005 15:50:11 -0500
Subject: [OTR-users] Feature request- Revoke identity
Message-ID:

Perhaps this should have been made at the last protocol change.. but I didn't have cause for it until now...

I'd like to be able to select any identity I have the private key for, and hit a revoke and replace button. This will create a new identity, with the old one tagged below it as revoked.
Whenever I talk to someone with this new identity it will provide them with proof it knew the old identity's private key. The old identity is then marked in their list as revoked and the software should refuse to communicate over it, even if they have not yet verified the new identity (if an attacker has my key I couldn't be more pleased if he went around using it to revoke it rather than using it to impersonate me!)

I thought it might also be useful if users exchanged lists of revokes to insure the revocation gets around quickly, but there are too many privacy problems with that ("oh, you also know user X").

The application is if you are aware that your key has been compromised you can quickly cause other users to stop using it to prevent impersonation. If you actually lose the key then you couldn't create revokes, ... but I guess we can't have everything.

I have no clue if this can be easily fit into the current protocol, but I feel confident that we should eventually have the feature.

From ian at cypherpunks.ca Thu Nov 17 16:11:35 2005
From: ian at cypherpunks.ca (Ian Goldberg)
Date: Thu, 17 Nov 2005 16:11:35 -0500
Subject: [OTR-users] Feature request- Revoke identity
In-Reply-To:
References:
Message-ID: <20051117211135.GP847@smtp.paip.net>

On Thu, Nov 17, 2005 at 03:50:11PM -0500, Gregory Maxwell wrote:
> I'd like to be able to select any identity I have the private key for,
> and hit a revoke and replace button. This will create a new identity,
> with the old one tagged below it as revoked. Whenever I talk to
> someone with this new identity it will provide them with proof it knew
> the old identity's private key. The old identity is then marked in
> their list as revoked and the software should refuse to communicate
> over it, even if they have not yet verified the new identity (if an
> attacker has my key I couldn't be more pleased if he went around using
> it to revoke it rather than using it to impersonate me!)
Looks pretty easy, but I think the details may be tricky.

Just create a revocation cert at the time you create the key. Store it on disk, alongside the key. You should back up the revocation cert list, even if you don't back up your private keys.

Then I can send you revocation certs, but you'll need to remember all the ones you ever see, in case I send you "Revoke key A", but you've not (yet) heard of key A, but later on, you do.

And will you have to keep sending that revocation forever? Or should there be some negotiation like "Here's a hash of my entire revocation history" / "yup; I've got all that, thanks"?

The wire protocol wouldn't have to change for this; a new TLV for "revocation certificates" should work fine. Older clients would just ignore it, which is as good a behaviour as you could expect.

Can you file an RFE on sourceforge for this so we don't forget? ;-)

The other hard part, of course, is making this make sense to people who have never heard of keys or certificates or encryption.

- Ian

From paul at cypherpunks.ca Fri Nov 18 02:06:37 2005
From: paul at cypherpunks.ca (Paul Wouters)
Date: Fri, 18 Nov 2005 08:06:37 +0100 (CET)
Subject: [OTR-users] Feature request- Revoke identity
In-Reply-To:
References:
Message-ID:

On Thu, 17 Nov 2005, Gregory Maxwell wrote:
> someone with this new identity it will provide them with proof it knew
> the old identity's private key. The old identity is then marked in
> their list as revoked and the software should refuse to communicate
> over it, even if they have not yet verified the new identity (if an
> attacker has my key I couldn't be more pleased if he went around using
> it to revoke it rather than using it to impersonate me!)

Uhm, couldn't the attacker do the same with the stolen key, and inject new false identities to your buddies too?

I'd prefer using OTR identities in GPG (sub)keys. There you can do all the revoke/sign/trust relationships already.
We just need to bind those to OTR identities (with a special (sub)key combining my GPG entity with my OTR keys and IM identities).

This was discussed before a few weeks back, but the developers were eerily quiet and probably don't want to be known as "the people who put all those keys in the PGP keyservers".

Paul

From ian at cypherpunks.ca Fri Nov 18 06:53:15 2005
From: ian at cypherpunks.ca (Ian Goldberg)
Date: Fri, 18 Nov 2005 06:53:15 -0500
Subject: [OTR-users] Feature request- Revoke identity
In-Reply-To:
References:
Message-ID: <20051118115315.GR847@smtp.paip.net>

On Fri, Nov 18, 2005 at 08:06:37AM +0100, Paul Wouters wrote:
> On Thu, 17 Nov 2005, Gregory Maxwell wrote:
>
> > someone with this new identity it will provide them with proof it knew
> > the old identity's private key. The old identity is then marked in
> > their list as revoked and the software should refuse to communicate
> > over it, even if they have not yet verified the new identity (if an
> > attacker has my key I couldn't be more pleased if he went around using
> > it to revoke it rather than using it to impersonate me!)
>
> Uhm, couldn't the attacker do the same with the stolen key, and
> inject new false identities to your buddies too?

But the *new* key wouldn't be trusted. The only way to trust a key (at the moment) is to indicate that you've manually verified it. This is a mechanism only to automatically *untrust* keys. [And it's a little stronger than the "untrust" we've got now, which just marks the key as unverified; it will actually mark it as explicitly untrusted, and refuse to use it.]

> I'd prefer using OTR identities in GPG (sub)keys. There you can do all the
> revoke/sign/trust relationships already. We just need to bind those to OTR
> identities (with a special (sub)key combining my GPG entity with my OTR keys
> and IM identities).
>
> This was discussed before a few weeks back, but the developers were eerily
> quiet and probably don't want to be known as "the people who put all those
> keys in the PGP keyservers".

Actually, I thought it was at least a semi-plausible idea that bears further looking at. But not just right at this moment.

You did catch the major tricky bit that most people miss: they say "I want to use my existing GPG key to sign my OTR key and have it checked automatically!" but they neglect to realize that you need some way to know that the GPG key for is allowed to sign for the AIM ID otr4ian. You correctly point out that you should add a subkey to your GPG key with some automatically parsable ID like or something like that.

However, one of the big downsides of relying on GPG for the revocation/etc. behaviour is that (approximately) no one understands how to use it. OTR is supposed to be usable for anyone that can use, say, gaim. If it's not, that's a potential bug that needs to be fixed, keeping in mind that we need to maintain appropriate security.

I'm all for "reducing it to a previously solved problem", as the mathematicians are wont to say. But I don't think that GPG revocation certs are a previously solved problem.

- Ian

From gdt at ir.bbn.com Tue Nov 22 11:41:15 2005
From: gdt at ir.bbn.com (Greg Troxel)
Date: 22 Nov 2005 11:41:15 -0500
Subject: [OTR-users] Feature request- Revoke identity
In-Reply-To: <20051118115315.GR847@smtp.paip.net>
References: <20051118115315.GR847@smtp.paip.net>
Message-ID:

I'm all for "reducing it to a previously solved problem", as the mathematicians are wont to say. But I don't think that GPG revocation certs are a previously solved problem.

Solved as a protocol issue, but not as in training normal people to do key management. I'd say it's better for OTR to leverage the protocol, and what clue there is, than to roll its own, absent a compelling reason why such a path is broken.
-- Greg Troxel

From rabbi at abditum.com Tue Nov 22 11:57:25 2005
From: rabbi at abditum.com (Len Sassaman)
Date: Tue, 22 Nov 2005 08:57:25 -0800 (PST)
Subject: [OTR-users] Feature request- Revoke identity
In-Reply-To:
References:
Message-ID:

On Fri, 18 Nov 2005, Paul Wouters wrote:
> Uhm, couldn't the attacker do the same with the stolen key, and
> inject new false identities to your buddies too?
>
> I'd prefer using OTR identities in GPG (sub)keys. There you can do all the
> revoke/sign/trust relationships already. We just need to bind those to OTR
> identities (with a special (sub)key combining my GPG entity with my OTR keys
> and IM identities).

If you're going to do this, you probably want to talk to the OpenPGP folks about creating an OTR-specific packet for this purpose.

However, I think that tying OTR into OpenPGP is probably something we want to avoid -- the Web of Trust is a pretty bad idea, from a privacy-concern standpoint.