From jmoschetti45 at gmail.com Sun Oct 9 16:03:40 2005 From: jmoschetti45 at gmail.com (Joe Moschetti) Date: Sun, 9 Oct 2005 16:03:40 -0400 Subject: [OTR-users] Conflict with gaim-encryption plugin Message-ID: I'm using gaim 1.5.0 for windows and the latest version of the gaim-encryption plugin and the OTR plugin. When I attempt to use both plugins at the same time when talking to someone I get "OTR Error: You sent unencrypted data to jmoschetti45, who was expecting encrypted messages from you." on one end and "The following message received from jmoschetti46 was not encrypted: [test]" on the other. This only happens when I use both plugins at the same time. I believe that somewhat defies the point, but I was curious and wanted to try it. Any solutions? -- Joe Moschetti http://jmoschetti45.ath.cx/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From ian at cypherpunks.ca Sun Oct 9 16:49:07 2005 From: ian at cypherpunks.ca (Ian Goldberg) Date: Sun, 9 Oct 2005 16:49:07 -0400 Subject: [OTR-users] Conflict with gaim-encryption plugin In-Reply-To: References: Message-ID: <20051009204907.GH847@smtp.paip.net> On Sun, Oct 09, 2005 at 04:03:40PM -0400, Joe Moschetti wrote: > I'm using gaim 1.5.0 for windows and the latest version of the > gaim-encryption plugin and the OTR plugin. When I attempt to use both > plugins at the same time when talking to someone I get "OTR Error: You sent > unencrypted data to jmoschetti45, who was expecting encrypted messages from > you." on one end and "The following message received from jmoschetti46 was > not encrypted: [test]" on the other. This only happens when I use both > plugins at the same time. I believe that somewhat defies the point, but I > was curious and wanted to try it. Any solutions? gaim-encryption and gaim-otr both assume that no other plugin is going to mess with its output. gaim-encryption sends encrypted data directly to the IM network, while gaim-otr sends protocol setup messages that way (though it does pass data messages through whatever other plugins are installed). The result is that gaim-otr can set up a private channel, but when you type a message, gaim-encryption will encrypt and send it before gaim-otr has a chance to gets its hands on it. So the other side will receive a gaim-encrypted message, which gaim-encryption will decrypt to plaintext, and pass to the next plugin, gaim-otr, which complains that it received plaintext when it expected OTR-encrypted data. [Note that this behaviour only appears if gaim-encryption is before gaim-otr in gaim's internal plugin list; slightly different (but equally nonsensical) behaviour occurs if it's in the other order.] The solution? As you might expect, Don't Do That, Then. ;-) It's not like you're getting the benefits of both plugins; you're effectively just using gaim-encryption. In fact, even if both plugins *were* being used, and you ended up with some sort of nested gaim-encryption of OTR-encryption, you *still* lose over OTR alone, since the signature on the gaim-encryption layer will defeat the deniability of the OTR layer. Out of curiosity, is gaim-encryption useful in some way that gaim-otr isn't? I've only used it briefly (mainly in diagnosing problems like this), but it seems that gaim-otr has a strict superset of the functionality of gaim-encryption. Is there a reason for two people who have both to want to turn on gaim-encryption? Thanks, - Ian From mail at christian-bick.de Sun Oct 9 17:49:34 2005 From: mail at christian-bick.de (Christian Bick) Date: Sun, 09 Oct 2005 23:49:34 +0200 Subject: [OTR-users] Gaims logs Message-ID: <4349906E.6040101@christian-bick.de> Hi, I use the gaim-otr under GNU/Linux, am I'd like to log all my unencryptet conversations. My problem is, that gaim logs all conversations, even the otr encryptet ones, in unencryptet text, so that everyone could read it. Now I wantet to ask if it would be possible to add something like a checkbox in the plugin configuration, that says "Do not log otr-encryptet messages." or something like that. Unfortunatly I'm not a coder, so i cant do it on my own. Greets Chris -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 256 bytes Desc: OpenPGP digital signature URL: From ian at cypherpunks.ca Mon Oct 10 09:06:57 2005 From: ian at cypherpunks.ca (Ian Goldberg) Date: Mon, 10 Oct 2005 09:06:57 -0400 Subject: [OTR-users] Gaims logs In-Reply-To: <4349906E.6040101@christian-bick.de> References: <4349906E.6040101@christian-bick.de> Message-ID: <20051010130657.GI847@smtp.paip.net> On Sun, Oct 09, 2005 at 11:49:34PM +0200, Christian Bick wrote: > Hi, > > I use the gaim-otr under GNU/Linux, am I'd like to log all my > unencryptet conversations. My problem is, that gaim logs all > conversations, even the otr encryptet ones, in unencryptet text, so > that everyone could read it. > > Now I wantet to ask if it would be possible to add something like a > checkbox in the plugin configuration, that says "Do not log > otr-encryptet messages." or something like that. > > Unfortunatly I'm not a coder, so i cant do it on my own. That's a plausible feature request. Could you add it to the tracker at http://sourceforge.net/tracker/?group_id=128860&atid=713091 ? Thanks, - Ian From gdt at ir.bbn.com Mon Oct 10 13:57:14 2005 From: gdt at ir.bbn.com (Greg Troxel) Date: 10 Oct 2005 13:57:14 -0400 Subject: [OTR-users] Conflict with gaim-encryption plugin In-Reply-To: <20051009204907.GH847@smtp.paip.net> References: <20051009204907.GH847@smtp.paip.net> Message-ID: I had the same problem, but I don't think "don't do that" is entirely reasonable. Out of curiosity, is gaim-encryption useful in some way that gaim-otr isn't? I've only used it briefly (mainly in diagnosing problems like this), but it seems that gaim-otr has a strict superset of the functionality of gaim-encryption. Is there a reason for two people who have both to want to turn on gaim-encryption? I would say that no, if both have OTR, gaim-encryption is not useful. I installed gaim-encryption to test it when handling an upgrade PR for gaim-encryption's pkgsrc entry, and ran into what seems like the same problem. I think the root of the problem is that there is opportunistic support in both plugins. OTR appends whitespace tags and negotiates, and I'm not sure what gaim-encryption does. But, if they are in the same order (and reverse order on the way back) each should be able to operate, with OTR setup messages being carried over gaim-encryption or the other way around. This wouldn't be useful in a crypto sense, except that having a working conversation is more useful than not. So, I think gaim needs plugin ordering tokens, so that there can be consistent ordering for plugins across clients. And then gaim-encryption, or perhaps OTR, may need some help. All that said, given that OTR is better than gaim-encryption and I don't have any friends who use it and not OTR, I'm not inclined to spend cycles on this, and I certainly wouldn't expect Ian to do so. -- Greg Troxel From james.mahler at gmail.com Thu Oct 13 22:35:38 2005 From: james.mahler at gmail.com (James Mahler) Date: Thu, 13 Oct 2005 21:35:38 -0500 Subject: [OTR-users] picture buttons Message-ID: <924783600510131935i16344934lb8b6da1873339b50@mail.gmail.com> Hello, I just stumbled across gaim-otr plugin tonight because well the need for it just arose recently. I think it's a great idea and wish that I could get everyone to install the plugin so I could have more secure IMs. Anyways, my idea was just an aesthetic one. My conversation window has the buttons set to just pictures. However the OTR button is just text. I'd think OTR could tie in transparently with gaim (you wouldn't even know it was a plugin) if the button were say a lock that was open and a lock that was locked (to show private or not). I'm not on the mailing list or anything, just an idea to perhaps help the project out. Maybe there is someone good with gtk but not with security that wants to help out (I am horrible with gtk and never got the patience to learn it as I learned others first and am stuck in my ways :)). James Mahler From ian at cypherpunks.ca Fri Oct 14 01:45:34 2005 From: ian at cypherpunks.ca (Ian Goldberg) Date: Fri, 14 Oct 2005 01:45:34 -0400 Subject: [OTR-users] picture buttons In-Reply-To: <924783600510131935i16344934lb8b6da1873339b50@mail.gmail.com> References: <924783600510131935i16344934lb8b6da1873339b50@mail.gmail.com> Message-ID: <20051014054534.GO847@smtp.paip.net> On Thu, Oct 13, 2005 at 09:35:38PM -0500, James Mahler wrote: > Anyways, my idea was just an aesthetic one. My conversation > window has the buttons set to just pictures. However the OTR button > is just text. I'd think OTR could tie in transparently with gaim (you > wouldn't even know it was a plugin) if the button were say a lock that > was open and a lock that was locked (to show private or not). That's actually already implemented in the CVS version (though with different icons). Thanks for the feedback, though! - Ian From CLAY at BROKENLADDER.COM Fri Oct 14 01:53:30 2005 From: CLAY at BROKENLADDER.COM (CLAY SHENTRUP) Date: Fri, 14 Oct 2005 05:53:30 +0000 Subject: [OTR-users] picture buttons In-Reply-To: <924783600510131935i16344934lb8b6da1873339b50@mail.gmail.com> References: <924783600510131935i16344934lb8b6da1873339b50@mail.gmail.com> Message-ID: <9129d8bb0510132253w5ce7083ak9511a9456b512615@mail.gmail.com> i've totally thought the same thing. i was thinking about this just the other day. it seems so trite, but it would just look so much better. hopefully they'll add this. shouldn't be hard really. one thing though. did they ever get that "bug" fixed where eve can make bob think alice's message is coming from her? On 10/14/05, James Mahler wrote: > > Hello, > > I just stumbled across gaim-otr plugin tonight because well the > need for it just arose recently. I think it's a great idea and wish > that I could get everyone to install the plugin so I could have more > secure IMs. > > Anyways, my idea was just an aesthetic one. My conversation > window has the buttons set to just pictures. However the OTR button > is just text. I'd think OTR could tie in transparently with gaim (you > wouldn't even know it was a plugin) if the button were say a lock that > was open and a lock that was locked (to show private or not). > > I'm not on the mailing list or anything, just an idea to perhaps > help the project out. Maybe there is someone good with gtk but not > with security that wants to help out (I am horrible with gtk and never > got the patience to learn it as I learned others first and am stuck in > my ways :)). > > James Mahler > > _______________________________________________ > OTR-users mailing list > OTR-users at lists.cypherpunks.ca > http://lists.cypherpunks.ca/mailman/listinfo/otr-users > -- IN A FEBRUARY 2004 SPEECH AT GEORGETOWN UNIVERSITY, CIA DIRECTOR TENET REVEALED THAT CIA "ANALYSTS NEVER SAID THERE WAS AN IMMINENT THREAT" FROM IRAQ BEFORE THE WAR. --http://bushlies.net/pages/10/index.htm -------------- next part -------------- An HTML attachment was scrubbed... URL: From kat at paip.net Fri Oct 14 02:02:26 2005 From: kat at paip.net (Kat Hanna) Date: Fri, 14 Oct 2005 02:02:26 -0400 (EDT) Subject: [OTR-users] picture buttons In-Reply-To: <9129d8bb0510132253w5ce7083ak9511a9456b512615@mail.gmail.com> References: <924783600510131935i16344934lb8b6da1873339b50@mail.gmail.com> <9129d8bb0510132253w5ce7083ak9511a9456b512615@mail.gmail.com> Message-ID: On Fri, 14 Oct 2005, CLAY SHENTRUP wrote: > i've totally thought the same thing. i was thinking about this just the > other day. it seems so trite, but it would just look so much better. > hopefully they'll add this. shouldn't be hard really. As noted by Ian, this is in the CVS version. > one thing though. did they ever get that "bug" fixed where eve can make bob > think alice's message is coming from her? The fix for this, which is a new protocol version, is in development. [See the dev list for details.] It should be out within the next month or so. -Kat > On 10/14/05, James Mahler wrote: > > > > Hello, > > > > I just stumbled across gaim-otr plugin tonight because well the > > need for it just arose recently. I think it's a great idea and wish > > that I could get everyone to install the plugin so I could have more > > secure IMs. > > > > Anyways, my idea was just an aesthetic one. My conversation > > window has the buttons set to just pictures. However the OTR button > > is just text. I'd think OTR could tie in transparently with gaim (you > > wouldn't even know it was a plugin) if the button were say a lock that > > was open and a lock that was locked (to show private or not). > > > > I'm not on the mailing list or anything, just an idea to perhaps > > help the project out. Maybe there is someone good with gtk but not > > with security that wants to help out (I am horrible with gtk and never > > got the patience to learn it as I learned others first and am stuck in > > my ways :)). > > > > James Mahler > > > > _______________________________________________ > > OTR-users mailing list > > OTR-users at lists.cypherpunks.ca > > http://lists.cypherpunks.ca/mailman/listinfo/otr-users > > > > > > -- > IN A FEBRUARY 2004 SPEECH AT GEORGETOWN UNIVERSITY, CIA > DIRECTOR TENET REVEALED THAT CIA "ANALYSTS NEVER SAID > THERE WAS AN IMMINENT THREAT" FROM IRAQ BEFORE THE WAR. > > --http://bushlies.net/pages/10/index.htm > From CLAY at BROKENLADDER.COM Fri Oct 14 02:08:50 2005 From: CLAY at BROKENLADDER.COM (CLAY SHENTRUP) Date: Fri, 14 Oct 2005 06:08:50 +0000 Subject: [OTR-users] picture buttons In-Reply-To: References: <924783600510131935i16344934lb8b6da1873339b50@mail.gmail.com> <9129d8bb0510132253w5ce7083ak9511a9456b512615@mail.gmail.com> Message-ID: <9129d8bb0510132308j4a3d547do51f1cb021597f1e2@mail.gmail.com> > > The fix for this, which is a new protocol version, is in development. > [See the dev list for details.] It should be out within the next month > or so. Then I also hope I'll never have to see a message to the effect of "you sent encrypted data to..who wasn't expecting it". If the session isn't encrypted, my data should just go through unencrypted, or perhaps there could be an option to have it ask you first to make sure, just in case you're not capable of looking at the lock icon first. -end- -- IN A FEBRUARY 2004 SPEECH AT GEORGETOWN UNIVERSITY, CIA DIRECTOR TENET REVEALED THAT CIA "ANALYSTS NEVER SAID THERE WAS AN IMMINENT THREAT" FROM IRAQ BEFORE THE WAR. --http://bushlies.net/pages/10/index.htm -------------- next part -------------- An HTML attachment was scrubbed... URL: From paul at cypherpunks.ca Fri Oct 14 11:14:23 2005 From: paul at cypherpunks.ca (Paul Wouters) Date: Fri, 14 Oct 2005 17:14:23 +0200 (CEST) Subject: [OTR-users] picture buttons In-Reply-To: <9129d8bb0510132308j4a3d547do51f1cb021597f1e2@mail.gmail.com> References: <924783600510131935i16344934lb8b6da1873339b50@mail.gmail.com> <9129d8bb0510132253w5ce7083ak9511a9456b512615@mail.gmail.com> <9129d8bb0510132308j4a3d547do51f1cb021597f1e2@mail.gmail.com> Message-ID: On Fri, 14 Oct 2005, CLAY SHENTRUP wrote: > > Then I also hope I'll never have to see a message to the effect of "you sent > encrypted data to..who wasn't expecting it". If the session isn't encrypted, > my data should just go through unencrypted, or perhaps there could be an > option to have it ask you first to make sure, just in case you're not > capable of looking at the lock icon first. You can'y. If we are talking securely, and you quit gaim and log back in, we no longer have a secure connection, but I don't know about that, so I just send you an encrypted message. Currently, you will respond by setting up a secure connection, and my end will automatically resend the previous message with the new encryption keys. Paul From gdt at ir.bbn.com Fri Oct 14 12:21:07 2005 From: gdt at ir.bbn.com (Greg Troxel) Date: 14 Oct 2005 12:21:07 -0400 Subject: [OTR-users] picture buttons In-Reply-To: <9129d8bb0510132308j4a3d547do51f1cb021597f1e2@mail.gmail.com> References: <924783600510131935i16344934lb8b6da1873339b50@mail.gmail.com> <9129d8bb0510132253w5ce7083ak9511a9456b512615@mail.gmail.com> <9129d8bb0510132308j4a3d547do51f1cb021597f1e2@mail.gmail.com> Message-ID: CLAY SHENTRUP writes: > Then I also hope I'll never have to see a message to the effect of "you sent > encrypted data to..who wasn't expecting it". Perhaps that's just a UI issue, but I prefer to see that than to have the key exchange and retransmit be silent. > If the session isn't encrypted, my data should just go through > unencrypted, That's totally broken from a security viewpoint; if there's a reason not to send data in the clear, it shouldn't happen without conscious effort. I set policy to 'require OTR' for most people, so if I don't have an OTR security association key exchange is forced. > or perhaps there could be an option to have it ask you > first to make sure, just in case you're not capable of looking at > the lock icon first. It's not a questions of not being capable; crypto UIs should enable people who are tired or stressed to make the right choices without having to be careful. Having to check lock icon constantly fails this test. -- Greg Troxel From ian at cypherpunks.ca Sun Oct 16 17:14:21 2005 From: ian at cypherpunks.ca (Ian Goldberg) Date: Sun, 16 Oct 2005 17:14:21 -0400 Subject: [OTR-users] New gaim-otr and otrproxy ready for beta testing Message-ID: <20051016211421.GT847@smtp.paip.net> After what seems like forever, the new gaim-otr and otrproxy are ready for beta testing. Please report problems you encounter, particularly when you and/or your buddy is logged in multiple times; we don't have a good handle on how that should be resolved just yet. The primary change in this version is the implementation of OTR Protocol version 2, using the SIGMA AKE (Authenticated Key Exchange). This resolves the identity-binding flaw that was pointed out in version 1. This version will fall back to version 1 if your buddy can't speak version 2, but it will warn you it's doing so. Other changes include: gaim-otr: - Almost all of the popups have been changed to inline messages. - New fingerprints don't block everything until you verify them; rather, you are merely informed of the new fingerprint, and conversations using it will be marked "Unverified" until you indicate that you've verified it (at which point the conversations will be marked "Private"). - The OTR button now has icons in addition to text (and they properly obey gaim's "text and/or icons" setting), as well as a right-button context menu containing some useful options. otrproxy: - Handle non-ASCII charsets properly. Not implemented yet: - Being able to configure whether to fall back to version 1 or not. You can check out the new code from sourceforge CVS: http://sourceforge.net/cvs/?group_id=128860 We've also built some Windows binaries. NOTE: there are not installers; they're meant to replace the corresponding files in older versions. So if you've already got an older version of gaim-otr installed, just replace the gaim-otr.dll file with the one in the gaim-otr zip file. Similarly, replace the otrproxy.exe file you've got with the one in the otrproxy zip file. If you don't have OTR software installed yet, either install the last release, and continue as above, or just sit tight and wait for a release. ;-) http://otr.cypherpunks.ca/binaries/windows/gaim-otr-3.0.0beta1-win32.zip http://otr.cypherpunks.ca/binaries/windows/otrproxy-0.3.1beta1-win32.zip If someone wants to compile up binaries for OSX, that'd be awesome. I'm assuming Unixy people will just compile their own; if that's a bad assumption, we can try to put up some binaries for them as well. But you may just want to wait for the release, when the various package maintainers will have their way with it. ;-) Remember: these are *betas*. Which means we're pretty sure they work, but we want feedback. Send feedback to this list, or by email to . Note to Evan: it look less than an hour to convert gaim-otr to use the new API. I assume doing the same for the Adium X native-UI stuff will be similar, but let us know if you run into problems. Note to package maintainers: please don't package the betas; we hope to release this version in short order. [And when we *do* release it, remember that it's a security fix, for package formats that can accomodate such notations.] Thanks, and have at it! - Ian From aldert at rotz.org Mon Oct 17 12:15:37 2005 From: aldert at rotz.org (Aldert J.B.P. Hazenberg) Date: Mon, 17 Oct 2005 18:15:37 +0200 Subject: [OTR-users] Google Alert : How to keep instant messaging off the record In-Reply-To: <20051016211421.GT847@smtp.paip.net> References: <20051016211421.GT847@smtp.paip.net> Message-ID: <4353CE29.2030505@rotz.org> Google pointed me today at : http://internet.newsforge.com/internet/05/10/07/1521221.shtml?tid=13 Nice article ! Aldert. From gdt at ir.bbn.com Mon Oct 17 14:06:23 2005 From: gdt at ir.bbn.com (Greg Troxel) Date: 17 Oct 2005 14:06:23 -0400 Subject: [OTR-users] New gaim-otr and otrproxy ready for beta testing In-Reply-To: <20051016211421.GT847@smtp.paip.net> References: <20051016211421.GT847@smtp.paip.net> Message-ID: Sounds good. For v1 fallback, probably this should be per-buddy configurable whether to allow v1 or not. Note to package maintainers: please don't package the betas; we hope to release this version in short order. [And when we *do* release it, remember that it's a security fix, for package formats that can accomodate such notations.] OK, but for my own testing I'd want to package it so I can flip back and forth. Could you make a 'make dist' tarball via automake, and set the version to something like 2.8.0 if you are planning 3.0, or 2.1.8 if you are planning 2.2, following the old GNU 'alpha' convention? I'd update pkgsrc and see how that goes (so if trouble you can fix before release) but not commit the changes until you have a real release. -- Greg Troxel From CLAY at BROKENLADDER.COM Mon Oct 17 16:21:33 2005 From: CLAY at BROKENLADDER.COM (CLAY SHENTRUP) Date: Mon, 17 Oct 2005 13:21:33 -0700 Subject: [OTR-users] New gaim-otr and otrproxy ready for beta testing In-Reply-To: References: <20051016211421.GT847@smtp.paip.net> Message-ID: <9129d8bb0510171321ye9afa6pb9f4677ea7d45ea0@mail.gmail.com> For added giggles, throw TOR into the mix. Yum. Clay Shentrup California Pacific Medical Center San Francisco, CA On 17 Oct 2005 14:06:23 -0400, Greg Troxel wrote: > > Sounds good. For v1 fallback, probably this should be per-buddy > configurable whether to allow v1 or not. > > > Note to package maintainers: please don't package the betas; we hope to > release this version in short order. [And when we *do* release it, > remember that it's a security fix, for package formats that can > accomodate such notations.] > > OK, but for my own testing I'd want to package it so I can flip back > and forth. Could you make a 'make dist' tarball via automake, and set > the version to something like 2.8.0 if you are planning 3.0, or 2.1.8 > if you are planning 2.2, following the old GNU 'alpha' convention? > I'd update pkgsrc and see how that goes (so if trouble you can fix > before release) but not commit the changes until you have a real > release. > > > > -- > Greg Troxel > _______________________________________________ > OTR-users mailing list > OTR-users at lists.cypherpunks.ca > http://lists.cypherpunks.ca/mailman/listinfo/otr-users > -- NUMBER OF COALTION SOLDIERS KILLED IN IRAQ AS OF OCT 10, 2005: 1970 SEE THEIR NAMES HERE: http://icasualties.org/oif/US_NAMES.aspx SEE THE CIVILIAN TOLL HERE: http://www.iraqbodycount.net/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From CLAY at BROKENLADDER.COM Mon Oct 17 16:25:31 2005 From: CLAY at BROKENLADDER.COM (CLAY SHENTRUP) Date: Mon, 17 Oct 2005 13:25:31 -0700 Subject: [OTR-users] New gaim-otr and otrproxy ready for beta testing In-Reply-To: <9129d8bb0510171321ye9afa6pb9f4677ea7d45ea0@mail.gmail.com> References: <20051016211421.GT847@smtp.paip.net> <9129d8bb0510171321ye9afa6pb9f4677ea7d45ea0@mail.gmail.com> Message-ID: <9129d8bb0510171325t4f0f409cxf25f2ae01d873d8c@mail.gmail.com> Hey Ian, You think you could maybe ask some hippies at Cal to submit some nice drawings for those "lock" icons. We've got some 2nd grade art gumming up the works on the beta. Let's think padlock symbols eh? Makes for a much more intuitive interface methinks. Sincerely, Clay P.S. I'd do it, but I can't draw good. On 10/17/05, CLAY SHENTRUP wrote: > > For added giggles, throw TOR into the mix. Yum. > > Clay Shentrup > California Pacific Medical Center > San Francisco, CA -------------- next part -------------- An HTML attachment was scrubbed... URL: From alex323 at gmail.com Mon Oct 17 16:55:21 2005 From: alex323 at gmail.com (Alex) Date: Mon, 17 Oct 2005 16:55:21 -0400 Subject: [OTR-users] New gaim-otr and otrproxy ready for beta testing In-Reply-To: <9129d8bb0510171325t4f0f409cxf25f2ae01d873d8c@mail.gmail.com> References: <20051016211421.GT847@smtp.paip.net> <9129d8bb0510171321ye9afa6pb9f4677ea7d45ea0@mail.gmail.com> <9129d8bb0510171325t4f0f409cxf25f2ae01d873d8c@mail.gmail.com> Message-ID: <43540FB9.3070209@gmail.com> How are these images? http://alexwied.com/~alex/otr_images.zip - Alex CLAY SHENTRUP wrote: > Hey Ian, > > You think you could maybe ask some hippies at Cal to submit some nice > drawings for those "lock" icons. We've got some 2nd grade art gumming > up the works on the beta. Let's think padlock symbols eh? Makes for > a much more intuitive interface methinks. > > Sincerely, > Clay > > P.S. I'd do it, but I can't draw good. > > On 10/17/05, *CLAY SHENTRUP* > wrote: > > For added giggles, throw TOR into the mix. Yum. > > Clay Shentrup > California Pacific Medical Center > San Francisco, CA > -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 827 bytes Desc: OpenPGP digital signature URL: From ian at cypherpunks.ca Mon Oct 17 17:07:34 2005 From: ian at cypherpunks.ca (Ian Goldberg) Date: Mon, 17 Oct 2005 17:07:34 -0400 Subject: [OTR-users] New gaim-otr and otrproxy ready for beta testing In-Reply-To: <9129d8bb0510171325t4f0f409cxf25f2ae01d873d8c@mail.gmail.com> References: <20051016211421.GT847@smtp.paip.net> <9129d8bb0510171321ye9afa6pb9f4677ea7d45ea0@mail.gmail.com> <9129d8bb0510171325t4f0f409cxf25f2ae01d873d8c@mail.gmail.com> Message-ID: <20051017210734.GW847@smtp.paip.net> On Mon, Oct 17, 2005 at 01:25:31PM -0700, CLAY SHENTRUP wrote: > Hey Ian, > > You think you could maybe ask some hippies at Cal to submit some nice > drawings for those "lock" icons. We've got some 2nd grade art gumming up the > works on the beta. Let's think padlock symbols eh? Makes for a much more > intuitive interface methinks. But it's also not quite enough information. There are four states that need to be distinguished: - Not Private (the "X") - Unverified (the "?") - Private (the checkmark) - Finished (the "do not enter") I also wanted to stay away from the padlock to mean "private", since most apps use it to mean "encrypted", which is a weaker notion that's more like our "unverified". But that could just be semantic games on my part that no one else cares about. But if someone donates some good-looking xpms for these four states, I'd be happy to take a look. They should have a transparent background, and be around 20x20. [The current ones are 24x24, and are a little too large.] And note that neither Nikita nor I is at Cal any more; we've both graduated. ;-) - Ian From alex323 at gmail.com Mon Oct 17 17:22:03 2005 From: alex323 at gmail.com (Alex) Date: Mon, 17 Oct 2005 17:22:03 -0400 Subject: [OTR-users] New gaim-otr and otrproxy ready for beta testing In-Reply-To: <43540FB9.3070209@gmail.com> References: <20051016211421.GT847@smtp.paip.net> <9129d8bb0510171321ye9afa6pb9f4677ea7d45ea0@mail.gmail.com> <9129d8bb0510171325t4f0f409cxf25f2ae01d873d8c@mail.gmail.com> <43540FB9.3070209@gmail.com> Message-ID: <435415FB.30800@gmail.com> 64.62.190.63 - - [17/Oct/2005:17:20:39 -0400] "GET /~alex/otr_images.zip HTTP/1.1" 200 39174 "-" "Mozilla/4.0 (compatible; MSIE 6.0; X11; Linux i686; en) Opera 8.5" "-" Yeah, it shold work now. Sorry about that. - Alex Alex wrote: >How are these images? > >http://alexwied.com/~alex/otr_images.zip > > - Alex > >CLAY SHENTRUP wrote: > > > >>Hey Ian, >> >>You think you could maybe ask some hippies at Cal to submit some nice >>drawings for those "lock" icons. We've got some 2nd grade art gumming >>up the works on the beta. Let's think padlock symbols eh? Makes for >>a much more intuitive interface methinks. >> >>Sincerely, >>Clay >> >>P.S. I'd do it, but I can't draw good. >> >>On 10/17/05, *CLAY SHENTRUP* >> wrote: >> >> For added giggles, throw TOR into the mix. Yum. >> >> Clay Shentrup >> California Pacific Medical Center >> San Francisco, CA >> >> >> -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 827 bytes Desc: OpenPGP digital signature URL: From CLAY at BROKENLADDER.COM Mon Oct 17 17:22:19 2005 From: CLAY at BROKENLADDER.COM (CLAY SHENTRUP) Date: Mon, 17 Oct 2005 14:22:19 -0700 Subject: [OTR-users] New gaim-otr and otrproxy ready for beta testing In-Reply-To: <20051017210734.GW847@smtp.paip.net> References: <20051016211421.GT847@smtp.paip.net> <9129d8bb0510171321ye9afa6pb9f4677ea7d45ea0@mail.gmail.com> <9129d8bb0510171325t4f0f409cxf25f2ae01d873d8c@mail.gmail.com> <20051017210734.GW847@smtp.paip.net> Message-ID: <9129d8bb0510171422wcf02cffr638ed835ed71334c@mail.gmail.com> Ian, I think it's interesting, perhaps unusual, that you chose to have the plug-in keept track of verification state. I envisioned that as something you'd check before accepting the fingerprint in the first place. You'd call the person, or use some trustworthy second channel, to get a fingerprint of his long-term key. When using OTR with someone for the first time, you would see a "popup" (this could just be text in the channel window) that would ask you to accept the fingerprint. You wouldn't select "yes" until you had verified it. I'm not sure why the new plug-in readily allows the user to start the session knowing that the other party's fingerprint has not been verified. I also don't know what you mean by "finished". If a session has expired, the lock should just be unlocked, right? I'm still not sure why you're not just using locked and unlocked, two icons only. Clay P.S. I figured you were teaching at UC, since the original /. article called you "UC crytographers" or something like that. On 10/17/05, Ian Goldberg wrote: > > On Mon, Oct 17, 2005 at 01:25:31PM -0700, CLAY SHENTRUP wrote: > > Hey Ian, > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From CLAY at BROKENLADDER.COM Mon Oct 17 17:39:55 2005 From: CLAY at BROKENLADDER.COM (CLAY SHENTRUP) Date: Mon, 17 Oct 2005 14:39:55 -0700 Subject: [OTR-users] New gaim-otr and otrproxy ready for beta testing In-Reply-To: <20051017210734.GW847@smtp.paip.net> References: <20051016211421.GT847@smtp.paip.net> <9129d8bb0510171321ye9afa6pb9f4677ea7d45ea0@mail.gmail.com> <9129d8bb0510171325t4f0f409cxf25f2ae01d873d8c@mail.gmail.com> <20051017210734.GW847@smtp.paip.net> Message-ID: <9129d8bb0510171439t54b4c154u6bed53f49e126f1@mail.gmail.com> If I verify a session key with a friend, recognizing his voice on the phone for instance, that satisfies the requirements for verifying his fingerprint, dosen't it? This seems like an obvious yes, but I'm just checking. Clay -- NUMBER OF COALTION SOLDIERS KILLED IN IRAQ AS OF OCT 17, 2005: 1976 SEE THEIR NAMES HERE: http://icasualties.org/oif/US_NAMES.aspx SEE THE CIVILIAN TOLL HERE: http://www.iraqbodycount.net/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From ian at cypherpunks.ca Mon Oct 17 17:49:55 2005 From: ian at cypherpunks.ca (Ian Goldberg) Date: Mon, 17 Oct 2005 17:49:55 -0400 Subject: [OTR-users] New gaim-otr and otrproxy ready for beta testing In-Reply-To: <9129d8bb0510171422wcf02cffr638ed835ed71334c@mail.gmail.com> References: <20051016211421.GT847@smtp.paip.net> <9129d8bb0510171321ye9afa6pb9f4677ea7d45ea0@mail.gmail.com> <9129d8bb0510171325t4f0f409cxf25f2ae01d873d8c@mail.gmail.com> <20051017210734.GW847@smtp.paip.net> <9129d8bb0510171422wcf02cffr638ed835ed71334c@mail.gmail.com> Message-ID: <20051017214955.GX847@smtp.paip.net> On Mon, Oct 17, 2005 at 02:22:19PM -0700, CLAY SHENTRUP wrote: > Ian, > > I think it's interesting, perhaps unusual, that you chose to have the > plug-in keept track of verification state. I envisioned that as something > you'd check before accepting the fingerprint in the first place. You'd call > the person, or use some trustworthy second channel, to get a fingerprint of > his long-term key. When using OTR with someone for the first time, you would > see a "popup" (this could just be text in the channel window) that would ask > you to accept the fingerprint. You wouldn't select "yes" until you had > verified it. I'm not sure why the new plug-in readily allows the user to > start the session knowing that the other party's fingerprint has not been > verified. Because, mainly, that's not how it works in practice. [That's how the plugin used to behave.] People generally just click to dismiss the dialog box, usually without even reading it. This way, they're free to do that, and the plugin will just note that they haven't explicitly checked the fingerprints yet. When/if they actually *do* phone up their friend, they can right-click on the OTR button and choose "Verify fingerprint". At that point, their icon will change to "Private". There are also a couple of technical issues. One is that the old way, if Alice accepts Bob's fingerprint, and sends a message, but Bob hasn't yet accepted Alice's fingerprint, they'll get all sorts of errors. Another is that allowing you to verify a fingerprint *after* the session is established allows more flexibility in the choice of how to actually verify it. One thing we want to do in the future is allow for "preshared secrets". You convince your friend (while you're out in a bar) to install OTR when she gets home, and scrawl some random secret on a napkin. After she installs OTR (and generates her fingerprint), you'll be able to authenticate each other by each typing the secret into your client. > I also don't know what you mean by "finished". If a session has expired, the > lock should just be unlocked, right? I'm still not sure why you're not just > using locked and unlocked, two icons only. "Finished" indicates that your buddy has terminated his end of the private conversation (and let you know that). It's now pointless to send him encrypted messages, and you *don't* want to automatically switch to sending plaintext messages (imagine you were in the middle of typing something private when this happened, just before you hit "Enter"). So we instead switch to this mode which blocks all outgoing messages to this buddy, until you choose to either explicitly go plaintext, or else restart the private conversation. > P.S. I figured you were teaching at UC, since the original /. article called > you "UC crytographers" or something like that. Yeah, we used to be (students) at UC, but not any more. - Ian From ian at cypherpunks.ca Mon Oct 17 17:54:59 2005 From: ian at cypherpunks.ca (Ian Goldberg) Date: Mon, 17 Oct 2005 17:54:59 -0400 Subject: [OTR-users] New gaim-otr and otrproxy ready for beta testing In-Reply-To: <43540FB9.3070209@gmail.com> References: <20051016211421.GT847@smtp.paip.net> <9129d8bb0510171321ye9afa6pb9f4677ea7d45ea0@mail.gmail.com> <9129d8bb0510171325t4f0f409cxf25f2ae01d873d8c@mail.gmail.com> <43540FB9.3070209@gmail.com> Message-ID: <20051017215459.GY847@smtp.paip.net> On Mon, Oct 17, 2005 at 04:55:21PM -0400, Alex wrote: > How are these images? > > http://alexwied.com/~alex/otr_images.zip I wonder if they'll survive a shrinking to 20x20. The ones with the lock, along with the ?, check, and X look plausible, but we'd still need one for "Finished", which none of those seem to fit. And the padlock still doesn't quite sit right with me. Where'd they come from? [We'd need to clear the licensing issues, of course, if we included them.] Thanks, - Ian From CLAY at BROKENLADDER.COM Mon Oct 17 18:02:11 2005 From: CLAY at BROKENLADDER.COM (CLAY SHENTRUP) Date: Mon, 17 Oct 2005 15:02:11 -0700 Subject: [OTR-users] New gaim-otr and otrproxy ready for beta testing In-Reply-To: <20051017215459.GY847@smtp.paip.net> References: <20051016211421.GT847@smtp.paip.net> <9129d8bb0510171321ye9afa6pb9f4677ea7d45ea0@mail.gmail.com> <9129d8bb0510171325t4f0f409cxf25f2ae01d873d8c@mail.gmail.com> <43540FB9.3070209@gmail.com> <20051017215459.GY847@smtp.paip.net> Message-ID: <9129d8bb0510171502p7e9c4695h543c1678c5ce4c88@mail.gmail.com> If I may suggest just making a greyscale version of the current "unencrypted" torn padlock icon. Simple, denotes that the session is not encrypted, and the grey look has a sort of intuitive relationship with termination, like the way logged-off buddies are grey. It's really the behavior that is important--blocking the messages until the user selects unencrypted--not so much the appearance. Clay On 10/17/05, Ian Goldberg wrote: > > On Mon, Oct 17, 2005 at 04:55:21PM -0400, Alex wrote: > > How are these images? > > > > http://alexwied.com/~alex/otr_images.zip > > I wonder if they'll survive a shrinking to 20x20. The ones with the > lock, along with the ?, check, and X look plausible, but we'd still need > one for "Finished", which none of those seem to fit. > > And the padlock still doesn't quite sit right with me. > > Where'd they come from? [We'd need to clear the licensing issues, of > course, if we included them.] > > Thanks, > > - Ian > _______________________________________________ > OTR-users mailing list > OTR-users at lists.cypherpunks.ca > http://lists.cypherpunks.ca/mailman/listinfo/otr-users > -- NUMBER OF COALTION SOLDIERS KILLED IN IRAQ AS OF OCT 17, 2005: 1976 SEE THEIR NAMES HERE: http://icasualties.org/oif/US_NAMES.aspx SEE THE CIVILIAN TOLL HERE: http://www.iraqbodycount.net/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From alex323 at gmail.com Mon Oct 17 18:06:16 2005 From: alex323 at gmail.com (Alex) Date: Mon, 17 Oct 2005 18:06:16 -0400 Subject: [OTR-users] New gaim-otr and otrproxy ready for beta testing In-Reply-To: <20051017215459.GY847@smtp.paip.net> References: <20051016211421.GT847@smtp.paip.net> <9129d8bb0510171321ye9afa6pb9f4677ea7d45ea0@mail.gmail.com> <9129d8bb0510171325t4f0f409cxf25f2ae01d873d8c@mail.gmail.com> <43540FB9.3070209@gmail.com> <20051017215459.GY847@smtp.paip.net> Message-ID: <43542058.9090407@gmail.com> They came from something related to Gnome actually. I am about 99% sure that they are GPLd. I can go search for a "finished" icon. - Alex Ian Goldberg wrote: >On Mon, Oct 17, 2005 at 04:55:21PM -0400, Alex wrote: > > >>How are these images? >> >>http://alexwied.com/~alex/otr_images.zip >> >> > >I wonder if they'll survive a shrinking to 20x20. The ones with the >lock, along with the ?, check, and X look plausible, but we'd still need >one for "Finished", which none of those seem to fit. > >And the padlock still doesn't quite sit right with me. > >Where'd they come from? [We'd need to clear the licensing issues, of >course, if we included them.] > >Thanks, > > - Ian >_______________________________________________ >OTR-users mailing list >OTR-users at lists.cypherpunks.ca >http://lists.cypherpunks.ca/mailman/listinfo/otr-users > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 827 bytes Desc: OpenPGP digital signature URL: From ian at cypherpunks.ca Mon Oct 17 18:34:13 2005 From: ian at cypherpunks.ca (Ian Goldberg) Date: Mon, 17 Oct 2005 18:34:13 -0400 Subject: [OTR-users] New gaim-otr and otrproxy ready for beta testing In-Reply-To: <9129d8bb0510171502p7e9c4695h543c1678c5ce4c88@mail.gmail.com> References: <20051016211421.GT847@smtp.paip.net> <9129d8bb0510171321ye9afa6pb9f4677ea7d45ea0@mail.gmail.com> <9129d8bb0510171325t4f0f409cxf25f2ae01d873d8c@mail.gmail.com> <43540FB9.3070209@gmail.com> <20051017215459.GY847@smtp.paip.net> <9129d8bb0510171502p7e9c4695h543c1678c5ce4c88@mail.gmail.com> Message-ID: <20051017223413.GZ847@smtp.paip.net> On Mon, Oct 17, 2005 at 03:02:11PM -0700, CLAY SHENTRUP wrote: > If I may suggest just making a greyscale version of the current > "unencrypted" torn padlock icon. Simple, denotes that the session is not > encrypted, and the grey look has a sort of intuitive relationship with > termination, like the way logged-off buddies are grey. It's really the > behavior that is important--blocking the messages until the user selects > unencrypted--not so much the appearance. You can't make icons differ only in colour. Not everyone can distinguish colour. - Ian From ian at cypherpunks.ca Mon Oct 17 18:37:03 2005 From: ian at cypherpunks.ca (Ian Goldberg) Date: Mon, 17 Oct 2005 18:37:03 -0400 Subject: [OTR-users] New gaim-otr and otrproxy ready for beta testing In-Reply-To: <9129d8bb0510171439t54b4c154u6bed53f49e126f1@mail.gmail.com> References: <20051016211421.GT847@smtp.paip.net> <9129d8bb0510171321ye9afa6pb9f4677ea7d45ea0@mail.gmail.com> <9129d8bb0510171325t4f0f409cxf25f2ae01d873d8c@mail.gmail.com> <20051017210734.GW847@smtp.paip.net> <9129d8bb0510171439t54b4c154u6bed53f49e126f1@mail.gmail.com> Message-ID: <20051017223703.GA847@smtp.paip.net> On Mon, Oct 17, 2005 at 02:39:55PM -0700, CLAY SHENTRUP wrote: > If I verify a session key with a friend, recognizing his voice on the phone > for instance, that satisfies the requirements for verifying his fingerprint, > dosen't it? This seems like an obvious yes, but I'm just checking. A secure session id? No, all that guarantees is that your current conversation is private. It does *not* guarantee that the fingerprint you received is actually the correct one. If you've got him on the phone, have him verify his fingerprint. That's sufficient, so long as his computer isn't compromised. [If it is, *then* use the secure session id instead.] - Ian From alex323 at gmail.com Mon Oct 17 18:51:59 2005 From: alex323 at gmail.com (Alex) Date: Mon, 17 Oct 2005 18:51:59 -0400 Subject: [OTR-users] New gaim-otr and otrproxy ready for beta testing In-Reply-To: <43540FB9.3070209@gmail.com> References: <20051016211421.GT847@smtp.paip.net> <9129d8bb0510171321ye9afa6pb9f4677ea7d45ea0@mail.gmail.com> <9129d8bb0510171325t4f0f409cxf25f2ae01d873d8c@mail.gmail.com> <43540FB9.3070209@gmail.com> Message-ID: <43542B0F.6070106@gmail.com> Hey, sorry about the 403 errors earlier. Apache was acting up. It works 100% now. - Alex Alex wrote: >How are these images? > >http://alexwied.com/~alex/otr_images.zip > > - Alex > >CLAY SHENTRUP wrote: > > > >>Hey Ian, >> >>You think you could maybe ask some hippies at Cal to submit some nice >>drawings for those "lock" icons. We've got some 2nd grade art gumming >>up the works on the beta. Let's think padlock symbols eh? Makes for >>a much more intuitive interface methinks. >> >>Sincerely, >>Clay >> >>P.S. I'd do it, but I can't draw good. >> >>On 10/17/05, *CLAY SHENTRUP* >> wrote: >> >> For added giggles, throw TOR into the mix. Yum. >> >> Clay Shentrup >> California Pacific Medical Center >> San Francisco, CA >> >> >> -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 827 bytes Desc: OpenPGP digital signature URL: From CLAY at BROKENLADDER.COM Mon Oct 17 19:08:30 2005 From: CLAY at BROKENLADDER.COM (CLAY SHENTRUP) Date: Mon, 17 Oct 2005 16:08:30 -0700 Subject: [OTR-users] New gaim-otr and otrproxy ready for beta testing In-Reply-To: <20051017223703.GA847@smtp.paip.net> References: <20051016211421.GT847@smtp.paip.net> <9129d8bb0510171321ye9afa6pb9f4677ea7d45ea0@mail.gmail.com> <9129d8bb0510171325t4f0f409cxf25f2ae01d873d8c@mail.gmail.com> <20051017210734.GW847@smtp.paip.net> <9129d8bb0510171439t54b4c154u6bed53f49e126f1@mail.gmail.com> <20051017223703.GA847@smtp.paip.net> Message-ID: <9129d8bb0510171608o47531691mf5f16bbeda4e4c6a@mail.gmail.com> > > A secure session id? No, all that guarantees is that your current > conversation is private. It does *not* guarantee that the fingerprint > you received is actually the correct one. I'm trying to wrap my head around this one. If the session key was ultimately derived from your private diffie-hellman generator value, and a signed public diffie-hellman value from the other party, then this would seem to indicate that only a person who actually has the private key from which a fingerprint is derived could have produced that session key. If you call up your friend and recognize his voice, and he verifies that session key, he has to be the real owner of the private key that produces the fingerprint that you think he has. If that fingerprint wasn't really his, how would he know that session key? Where is this rationale broken? Thanks, Clay -------------- next part -------------- An HTML attachment was scrubbed... URL: From ian at cypherpunks.ca Mon Oct 17 22:19:52 2005 From: ian at cypherpunks.ca (Ian Goldberg) Date: Mon, 17 Oct 2005 22:19:52 -0400 Subject: [OTR-users] New gaim-otr and otrproxy ready for beta testing In-Reply-To: <9129d8bb0510171608o47531691mf5f16bbeda4e4c6a@mail.gmail.com> References: <20051016211421.GT847@smtp.paip.net> <9129d8bb0510171321ye9afa6pb9f4677ea7d45ea0@mail.gmail.com> <9129d8bb0510171325t4f0f409cxf25f2ae01d873d8c@mail.gmail.com> <20051017210734.GW847@smtp.paip.net> <9129d8bb0510171439t54b4c154u6bed53f49e126f1@mail.gmail.com> <20051017223703.GA847@smtp.paip.net> <9129d8bb0510171608o47531691mf5f16bbeda4e4c6a@mail.gmail.com> Message-ID: <20051018021952.GC847@smtp.paip.net> On Mon, Oct 17, 2005 at 04:08:30PM -0700, CLAY SHENTRUP wrote: > > > > A secure session id? No, all that guarantees is that your current > > > conversation is private. It does *not* guarantee that the fingerprint > > you received is actually the correct one. > > > I'm trying to wrap my head around this one. If the session key was > ultimately derived from your private diffie-hellman generator value, and a > signed public diffie-hellman value from the other party, then this would > seem to indicate that only a person who actually has the private key from > which a fingerprint is derived could have produced that session key. If you > call up your friend and recognize his voice, and he verifies that session > key, he has to be the real owner of the private key that produces the > fingerprint that you think he has. If that fingerprint wasn't really his, > how would he know that session key? > > Where is this rationale broken? Indeed, the session key is derived from your private diffie-hellman keys, which is why, if you verify the session key, you're assured that the person at the other end of the encrypted pipe is who you think it is. The public diffie-hellman keys are then signed by your DSA keys (~= your fingerprint). It's possible that a Man-in-the-Middle removed your buddy's signature from the Key Exchange Message, and substituted his own. If you verify the session id, you'll know that you are in fact talking to your buddy, and the MITM won't be able to read your messages, but the fingerprint you see will be *his*, and not your buddy's. That's why it's preferable to check the fingerprint. As long as your private DSA keys remain safe, you only have to do it once, and *all* of your subsequent sessions are protected. Checking the session id is only useful when your private DSA keys have been compromised, and it only checks the privacy of that one session. I think your confusion may have been between the long-lived public DSA keys (from which your fingerprint is derived) vs. the short-lived public Diffie-Hellman keys (from which the session id is derived). - Ian From CLAY at BROKENLADDER.COM Mon Oct 17 22:40:04 2005 From: CLAY at BROKENLADDER.COM (CLAY SHENTRUP) Date: Mon, 17 Oct 2005 19:40:04 -0700 Subject: [OTR-users] New gaim-otr and otrproxy ready for beta testing In-Reply-To: <20051018021952.GC847@smtp.paip.net> References: <20051016211421.GT847@smtp.paip.net> <9129d8bb0510171321ye9afa6pb9f4677ea7d45ea0@mail.gmail.com> <9129d8bb0510171325t4f0f409cxf25f2ae01d873d8c@mail.gmail.com> <20051017210734.GW847@smtp.paip.net> <9129d8bb0510171439t54b4c154u6bed53f49e126f1@mail.gmail.com> <20051017223703.GA847@smtp.paip.net> <9129d8bb0510171608o47531691mf5f16bbeda4e4c6a@mail.gmail.com> <20051018021952.GC847@smtp.paip.net> Message-ID: <9129d8bb0510171940y77d22c68la8a2f867d582bf68@mail.gmail.com> > > I think your confusion may have been between the long-lived public DSA > keys (from which your fingerprint is derived) vs. the short-lived public > Diffie-Hellman keys (from which the session id is derived). No, my confusion comes from thinking that the other party's fingerprint played a part in the derivation of the session key, rather than playing a part in the derivation of the signature of the session key. If it played a part in the derivation of the key itself, then by verifying that session key with you, your friend would be verifying (a hash of) his fingerprint. Hope I'm making some sense here. Clay -------------- next part -------------- An HTML attachment was scrubbed... URL: From paul at cypherpunks.ca Mon Oct 17 23:52:57 2005 From: paul at cypherpunks.ca (Paul Wouters) Date: Tue, 18 Oct 2005 05:52:57 +0200 (CEST) Subject: [OTR-users] New gaim-otr and otrproxy ready for beta testing In-Reply-To: <20051017215459.GY847@smtp.paip.net> References: <20051016211421.GT847@smtp.paip.net> <9129d8bb0510171321ye9afa6pb9f4677ea7d45ea0@mail.gmail.com> <9129d8bb0510171325t4f0f409cxf25f2ae01d873d8c@mail.gmail.com> <43540FB9.3070209@gmail.com> <20051017215459.GY847@smtp.paip.net> Message-ID: On Mon, 17 Oct 2005, Ian Goldberg wrote: > And the padlock still doesn't quite sit right with me. Yes, I'd stay away from the locks too. Locks are binary, OTR states are not. Paul From alex323 at gmail.com Tue Oct 18 06:56:06 2005 From: alex323 at gmail.com (Alex) Date: Tue, 18 Oct 2005 06:56:06 -0400 Subject: [OTR-users] New gaim-otr and otrproxy ready for beta testing In-Reply-To: References: <20051016211421.GT847@smtp.paip.net> <9129d8bb0510171321ye9afa6pb9f4677ea7d45ea0@mail.gmail.com> <9129d8bb0510171325t4f0f409cxf25f2ae01d873d8c@mail.gmail.com> <43540FB9.3070209@gmail.com> <20051017215459.GY847@smtp.paip.net> Message-ID: <4354D4C6.7020104@gmail.com> Paul Wouters wrote: > On Mon, 17 Oct 2005, Ian Goldberg wrote: > >> And the padlock still doesn't quite sit right with me. > > > Yes, I'd stay away from the locks too. Locks are binary, OTR states > are not. Isn't this why you have multiple locks? - Alex > > Paul > _______________________________________________ > OTR-users mailing list > OTR-users at lists.cypherpunks.ca > http://lists.cypherpunks.ca/mailman/listinfo/otr-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 827 bytes Desc: OpenPGP digital signature URL: From paul at xelerance.com Mon Oct 17 23:46:24 2005 From: paul at xelerance.com (Paul Wouters) Date: Tue, 18 Oct 2005 05:46:24 +0200 (CEST) Subject: [OTR-users] Google Alert : How to keep instant messaging off the record In-Reply-To: <4353CE29.2030505@rotz.org> References: <20051016211421.GT847@smtp.paip.net> <4353CE29.2030505@rotz.org> Message-ID: On Mon, 17 Oct 2005, Aldert J.B.P. Hazenberg wrote: > Google pointed me today at : > http://internet.newsforge.com/internet/05/10/07/1521221.shtml?tid=13 He got some minor errors though: > Deniable authentication means that, while Bob is talking to Alice, he's > assured that he really is talking to Alice, and not an imposter. However, > Bob cannot turn around and prove to Charlie that he's talking to > Alice. The key here is that all the messages between Alice and Bob come > with proof that they were written by either Alice or Bob, but you can't > tell which. When Bob gets such a message, he knows that he didn't write > it, so it must have been written by Alice. But if Bob shows this message > to Charlie, Charlie has no reason to believe Alice wrote it, since Bob > could have written it himself. He got it wrong here though :( (deniability is in the fact that *afterwards* anyone can "encrypt" messages with the 'leaked' the old keys, so *anyone* who sniffed the communications (not just alice or bob) could forge messages in the past (but not read any) He also tried to run gaim with otrproxy, which is kinda weird. Paul -- "Happiness is never grand" --- Mustapha Mond, World Controller (Brave New World) From ian at cypherpunks.ca Tue Oct 18 08:54:18 2005 From: ian at cypherpunks.ca (Ian Goldberg) Date: Tue, 18 Oct 2005 08:54:18 -0400 Subject: [OTR-users] Google Alert : How to keep instant messaging off the record In-Reply-To: References: <20051016211421.GT847@smtp.paip.net> <4353CE29.2030505@rotz.org> Message-ID: <20051018125418.GE847@smtp.paip.net> On Tue, Oct 18, 2005 at 05:46:24AM +0200, Paul Wouters wrote: > On Mon, 17 Oct 2005, Aldert J.B.P. Hazenberg wrote: > > >Google pointed me today at : > >http://internet.newsforge.com/internet/05/10/07/1521221.shtml?tid=13 > > He got some minor errors though: > > >Deniable authentication means that, while Bob is talking to Alice, he's > >assured that he really is talking to Alice, and not an imposter. However, > >Bob cannot turn around and prove to Charlie that he's talking to > >Alice. The key here is that all the messages between Alice and Bob come > >with proof that they were written by either Alice or Bob, but you can't > >tell which. When Bob gets such a message, he knows that he didn't write > >it, so it must have been written by Alice. But if Bob shows this message > >to Charlie, Charlie has no reason to believe Alice wrote it, since Bob > >could have written it himself. > > He got it wrong here though :( > (deniability is in the fact that *afterwards* anyone can "encrypt" messages > with the 'leaked' the old keys, so *anyone* who sniffed the communications > (not just alice or bob) could forge messages in the past (but not read any) Actually, he's wrong in a few places, but this isn't one of them. :-) His explanation is a perfectly reasonable description of the *real-time* deniable authentication of OTR; i.e. even during the conversation, before the MAC keys are revealed, Bob can't prove to Charlie that Alice wrote the message he just received. Your description is of the *after-the-fact* forgeability of messages, once the MAC keys are revealed. OTR offers quite a few layers of deniability: - MACs on messages (the "real-time deniabilty") - deriving the MAC key from the encryption key ("if you can read it, you can forge it") - publishing the MAC keys (anyone can forge messages after the fact) > He also tried to run gaim with otrproxy, which is kinda weird. He apparently had trouble finding another Linux AIM client that supported proxies. Do you know of one? - Ian From angelac at gmail.com Tue Oct 18 10:52:28 2005 From: angelac at gmail.com (Angela Cheung) Date: Tue, 18 Oct 2005 07:52:28 -0700 Subject: [OTR-users] IM at work Message-ID: <9810f6140510180752yc9dbd9t87527f3f6ff40b30@mail.gmail.com> i installed trillian on my work computer and have been using it for several weeks. the IT department recently sent me an email saying said they noticed "IM traffic" from my computer and asked me to remove the software. it's driving me crazy that i can't make lunch plans! is there anything i can do to get back on IM without their knowing? thanks! -------------- next part -------------- An HTML attachment was scrubbed... URL: From paul at cypherpunks.ca Tue Oct 18 11:10:05 2005 From: paul at cypherpunks.ca (Paul Wouters) Date: Tue, 18 Oct 2005 17:10:05 +0200 (CEST) Subject: [OTR-users] Google Alert : How to keep instant messaging off the record In-Reply-To: <20051018125418.GE847@smtp.paip.net> References: <20051016211421.GT847@smtp.paip.net> <4353CE29.2030505@rotz.org> <20051018125418.GE847@smtp.paip.net> Message-ID: On Tue, 18 Oct 2005, Ian Goldberg wrote: >> He got it wrong here though :( >> (deniability is in the fact that *afterwards* anyone can "encrypt" messages >> with the 'leaked' the old keys, so *anyone* who sniffed the communications >> (not just alice or bob) could forge messages in the past (but not read any) > > Actually, he's wrong in a few places, but this isn't one of them. :-) Okay, bad phrasing on my end :) >> He also tried to run gaim with otrproxy, which is kinda weird. > > He apparently had trouble finding another Linux AIM client that > supported proxies. Do you know of one? Kopete? http://docs.kde.org/development/en/kdenetwork/kopete/faq.html#id2570894 I have not tried this myself, as I do not run KDE. Paul From paul at cypherpunks.ca Tue Oct 18 11:11:18 2005 From: paul at cypherpunks.ca (Paul Wouters) Date: Tue, 18 Oct 2005 17:11:18 +0200 (CEST) Subject: [OTR-users] IM at work In-Reply-To: <9810f6140510180752yc9dbd9t87527f3f6ff40b30@mail.gmail.com> References: <9810f6140510180752yc9dbd9t87527f3f6ff40b30@mail.gmail.com> Message-ID: On Tue, 18 Oct 2005, Angela Cheung wrote: > i installed trillian on my work computer and have been using it for several > weeks. the IT department recently sent me an email saying said they noticed > "IM traffic" from my computer and asked me to remove the software. it's > driving me crazy that i can't make lunch plans! is there anything i can do > to get back on IM without their knowing? That's not what OTR is about :) Like anyone else, I guess try and use one of the IM web interfaces, if they are not blocked. Paul -- "Happiness is never grand" --- Mustapha Mond, World Controller (Brave New World) From ian at cypherpunks.ca Tue Oct 18 11:17:02 2005 From: ian at cypherpunks.ca (Ian Goldberg) Date: Tue, 18 Oct 2005 11:17:02 -0400 Subject: [OTR-users] Google Alert : How to keep instant messaging off the record In-Reply-To: References: <20051016211421.GT847@smtp.paip.net> <4353CE29.2030505@rotz.org> <20051018125418.GE847@smtp.paip.net> Message-ID: <20051018151702.GG847@smtp.paip.net> On Tue, Oct 18, 2005 at 05:10:05PM +0200, Paul Wouters wrote: > >He apparently had trouble finding another Linux AIM client that > >supported proxies. Do you know of one? > > Kopete? > > http://docs.kde.org/development/en/kdenetwork/kopete/faq.html#id2570894 > > I have not tried this myself, as I do not run KDE. That's the first one he tried, but in fact it does not support application proxies; the only way to get SOCKS support in kopete is to force *all* network connections from *all* KDE apps through the SOCKS proxy, ugh. - Ian From cracker at gmail.com Tue Oct 18 11:15:09 2005 From: cracker at gmail.com (cracker at gmail.com) Date: Tue, 18 Oct 2005 11:15:09 -0400 Subject: [OTR-users] Re: IM at work Message-ID: Angela, Check out AIM over the Web. You need to have Java installed, but if you already do or can install it, go to http://toc.oscar.aol.com, and enter your credentials in. Voila! It's not as functional as the full client (you won't get a flashing window popup when you get a new message) but it'll do in a pinch. Cheers, Bk -------------- next part -------------- An HTML attachment was scrubbed... URL: From CLAY at BROKENLADDER.COM Tue Oct 18 12:46:20 2005 From: CLAY at BROKENLADDER.COM (CLAY SHENTRUP) Date: Tue, 18 Oct 2005 09:46:20 -0700 Subject: [OTR-users] Re: IM at work In-Reply-To: References: Message-ID: <9129d8bb0510180946i162dc01dr3c21e3446d3005be@mail.gmail.com> okay, i think this doesn't help her situation at all. this just acts like a regular client that runs from her browser, but still pipes im traffic from her computer. her solution would be to use TOR like i mentioned. i use TOR and OTR together. And hey, isn't it a bit odd that one can swipe the T and O and turn one into the other? Hmm...something is afoot methinks. Reminds me of this page . Clay On 10/18/05, cracker at gmail.com wrote: > > Angela, > > Check out AIM over the Web. You need to have Java installed, but if you > already do or can install it, > go to http://toc.oscar.aol.com, and enter your credentials in. Voila! > > It's not as functional as the full client (you won't get a flashing window > popup when you get a new message) > but it'll do in a pinch. > > Cheers, > > Bk > -- NUMBER OF COALTION SOLDIERS KILLED IN IRAQ AS OF OCT 17, 2005: 1976 SEE THEIR NAMES HERE: http://icasualties.org/oif/US_NAMES.aspx SEE THE CIVILIAN TOLL HERE: http://www.iraqbodycount.net/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From CLAY at BROKENLADDER.COM Tue Oct 25 14:01:48 2005 From: CLAY at BROKENLADDER.COM (CLAY SHENTRUP) Date: Tue, 25 Oct 2005 11:01:48 -0700 Subject: [OTR-users] New gaim-otr and otrproxy ready for beta testing In-Reply-To: <4354D4C6.7020104@gmail.com> References: <20051016211421.GT847@smtp.paip.net> <9129d8bb0510171321ye9afa6pb9f4677ea7d45ea0@mail.gmail.com> <9129d8bb0510171325t4f0f409cxf25f2ae01d873d8c@mail.gmail.com> <43540FB9.3070209@gmail.com> <20051017215459.GY847@smtp.paip.net> <4354D4C6.7020104@gmail.com> Message-ID: <9129d8bb0510251101j60db34f3g208175cb6a0f72ab@mail.gmail.com> Hey Alex, Looking through the gnome icon set, I found a padlock that is just unlocked. I think this could complete the scheme you had devised. I can send you the actual icon if you can't find it in your set. unlocked padlock = unencrypted locked padlock with question mark = encrypted but fingerprint not verified padlock or padlock with little check mark = encrypted ripped apart padlock (eww..gorey) = "finished", session ovah, tuh-muh-nated (as the governator would say) Is there a time frame for when the "finished product" should be released for mass consumption (windows installer, etc.) ? Clay -- NUMBER OF COALTION SOLDIERS KILLED IN IRAQ AS OF OCT 25, 2005: 1999 SEE THEIR NAMES HERE: http://icasualties.org/oif/US_NAMES.aspx SEE THE CIVILIAN TOLL HERE: http://www.iraqbodycount.net/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From ian at cypherpunks.ca Wed Oct 26 12:34:54 2005 From: ian at cypherpunks.ca (Ian Goldberg) Date: Wed, 26 Oct 2005 12:34:54 -0400 Subject: [OTR-users] New gaim-otr and otrproxy ready for beta testing In-Reply-To: <9129d8bb0510251101j60db34f3g208175cb6a0f72ab@mail.gmail.com> References: <20051016211421.GT847@smtp.paip.net> <9129d8bb0510171321ye9afa6pb9f4677ea7d45ea0@mail.gmail.com> <9129d8bb0510171325t4f0f409cxf25f2ae01d873d8c@mail.gmail.com> <43540FB9.3070209@gmail.com> <20051017215459.GY847@smtp.paip.net> <4354D4C6.7020104@gmail.com> <9129d8bb0510251101j60db34f3g208175cb6a0f72ab@mail.gmail.com> Message-ID: <20051026163454.GD847@smtp.paip.net> On Tue, Oct 25, 2005 at 11:01:48AM -0700, CLAY SHENTRUP wrote: > Hey Alex, > > Looking through the gnome icon set, I found a padlock that is just unlocked. > I think this could complete the scheme you had devised. I can send you the > actual icon if you can't find it in your set. > > unlocked padlock = unencrypted > locked padlock with question mark = encrypted but fingerprint not verified > padlock or padlock with little check mark = encrypted > ripped apart padlock (eww..gorey) = "finished", session ovah, tuh-muh-nated > (as the governator would say) As I mentioned, I'm hesitant to go with the "padlock" theme. > Is there a time frame for when the "finished product" should be released for > mass consumption (windows installer, etc.) ? I'd like to have it out in the next couple of weeks. - Ian From CLAY at BROKENLADDER.COM Wed Oct 26 13:40:23 2005 From: CLAY at BROKENLADDER.COM (CLAY SHENTRUP) Date: Wed, 26 Oct 2005 10:40:23 -0700 Subject: [OTR-users] New gaim-otr and otrproxy ready for beta testing In-Reply-To: <20051026163454.GD847@smtp.paip.net> References: <20051016211421.GT847@smtp.paip.net> <9129d8bb0510171321ye9afa6pb9f4677ea7d45ea0@mail.gmail.com> <9129d8bb0510171325t4f0f409cxf25f2ae01d873d8c@mail.gmail.com> <43540FB9.3070209@gmail.com> <20051017215459.GY847@smtp.paip.net> <4354D4C6.7020104@gmail.com> <9129d8bb0510251101j60db34f3g208175cb6a0f72ab@mail.gmail.com> <20051026163454.GD847@smtp.paip.net> Message-ID: <9129d8bb0510261040l5a295c7q54c1422dfea760a@mail.gmail.com> > > As I mentioned, I'm hesitant to go with the "padlock" theme. I've never seen anything but a lock icon used to indicate encryption in any app, so I'm curious what other ideas you've had in mind, and whether you've had any luck finding non-proprietary images for them. At this point, I think any icon other than some derivative of a lock would seem to defeath the purpose of having an icon at all. Just my opinion, but of course I'm not the developer. I'm curious to see what other users think. Clay -- NUMBER OF COALTION SOLDIERS KILLED IN IRAQ AS OF OCT 25, 2005: 2000 SEE THEIR NAMES HERE: http://icasualties.org/oif/US_NAMES.aspx SEE THE CIVILIAN TOLL HERE: http://www.iraqbodycount.net/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From CLAY at BROKENLADDER.COM Wed Oct 26 14:03:51 2005 From: CLAY at BROKENLADDER.COM (CLAY SHENTRUP) Date: Wed, 26 Oct 2005 11:03:51 -0700 Subject: [OTR-users] New gaim-otr and otrproxy ready for beta testing In-Reply-To: <20051026163454.GD847@smtp.paip.net> References: <20051016211421.GT847@smtp.paip.net> <9129d8bb0510171321ye9afa6pb9f4677ea7d45ea0@mail.gmail.com> <9129d8bb0510171325t4f0f409cxf25f2ae01d873d8c@mail.gmail.com> <43540FB9.3070209@gmail.com> <20051017215459.GY847@smtp.paip.net> <4354D4C6.7020104@gmail.com> <9129d8bb0510251101j60db34f3g208175cb6a0f72ab@mail.gmail.com> <20051026163454.GD847@smtp.paip.net> Message-ID: <9129d8bb0510261103q6ed8ecd9m4c30fe52bcfb3406@mail.gmail.com> i just had another thought. i remember somoone's saying "otr state is not binary". the problem, i think, in finding the right icon scheme has been that there are really two totally distinct states being specified. one state is verified, which is binary. the other is encrypted, which is binary, but you want to also specify whether the previous state had been encrypted when showing unencrypted state, making it effectively ternary. so what about the idea of making the graphical indicator split up these two concepts somehow. you could have verification state specified by something like a full color face if verified or a silhouette with a question mark if not. or something along those lines. then beside this you could have an icon like a lock (but not a lock of course) that would specify encrypted, unencrypted, or unencrypted-but-previously-encrypted. again, that third state seems superfluous. the behavior is important--you want to make sure a warning goes up if someone tries to send cleartext, forcing him to verify that he really wants to do it. you don't want someone to accidentally type clear text because he didn't notice that the conversation is no longer encrypted. but as for the icon's being different, i don't see the utility in that. why not just make the icon revert back to "unencrypted"? is there really a need to visually represent "you're not encrypted, but you just were previously"? maybe the consensus is against me here, but i just thought i'd raise that point for discussion. talk amongst yourselves..i'm feeling verklempt. clay NUMBER OF COALTION SOLDIERS KILLED IN IRAQ AS OF OCT 25, 2005: 2000 SEE THEIR NAMES HERE: http://icasualties.org/oif/US_NAMES.aspx SEE THE CIVILIAN TOLL HERE: http://www.iraqbodycount.net/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From paul at cypherpunks.ca Wed Oct 26 14:20:59 2005 From: paul at cypherpunks.ca (Paul Wouters) Date: Wed, 26 Oct 2005 20:20:59 +0200 (CEST) Subject: [OTR-users] New gaim-otr and otrproxy ready for beta testing In-Reply-To: <9129d8bb0510261040l5a295c7q54c1422dfea760a@mail.gmail.com> References: <20051016211421.GT847@smtp.paip.net> <9129d8bb0510171321ye9afa6pb9f4677ea7d45ea0@mail.gmail.com> <9129d8bb0510171325t4f0f409cxf25f2ae01d873d8c@mail.gmail.com> <43540FB9.3070209@gmail.com> <20051017215459.GY847@smtp.paip.net> <4354D4C6.7020104@gmail.com> <9129d8bb0510251101j60db34f3g208175cb6a0f72ab@mail.gmail.com> <20051026163454.GD847@smtp.paip.net> <9129d8bb0510261040l5a295c7q54c1422dfea760a@mail.gmail.com> Message-ID: On Wed, 26 Oct 2005, CLAY SHENTRUP wrote: > > As I mentioned, I'm hesitant to go with the "padlock" theme. > > > I've never seen anything but a lock icon used to indicate encryption in any > app, That is because "treaditional" encryption only has "on" and "off" states. The only other software I know (and use) that has "off", "private and unverified" and "private and verified" is ssh. And it does not have icons. It does have a big fat "are you sure you want to connect to this new key?". > I think > any icon other than some derivative of a lock would seem to defeath the > purpose of having an icon at all. Just my opinion, but of course I'm not the > developer. I'm curious to see what other users think. The theme of a padlock just isn't right. Another theme I could think of is: not private: showing a crowd of silhouettes unverified: showing a single person's silhouette (with a question mark?) verified: showing a single person in colour (with a "V" tick or whatever "friend/buddy" icon denotes 'friend' these days). Paul From alex323 at gmail.com Wed Oct 26 16:50:16 2005 From: alex323 at gmail.com (Alex) Date: Wed, 26 Oct 2005 16:50:16 -0400 Subject: [OTR-users] New gaim-otr and otrproxy ready for beta testing In-Reply-To: <9129d8bb0510251101j60db34f3g208175cb6a0f72ab@mail.gmail.com> References: <20051016211421.GT847@smtp.paip.net> <9129d8bb0510171321ye9afa6pb9f4677ea7d45ea0@mail.gmail.com> <9129d8bb0510171325t4f0f409cxf25f2ae01d873d8c@mail.gmail.com> <43540FB9.3070209@gmail.com> <20051017215459.GY847@smtp.paip.net> <4354D4C6.7020104@gmail.com> <9129d8bb0510251101j60db34f3g208175cb6a0f72ab@mail.gmail.com> Message-ID: <435FEC08.80907@gmail.com> Go ahead and send me it, and I will add it to otr_images.zip. - Alex CLAY SHENTRUP wrote: > Hey Alex, > > Looking through the gnome icon set, I found a padlock that is just > unlocked. I think this could complete the scheme you had devised. I > can send you the actual icon if you can't find it in your set. > > unlocked padlock = unencrypted > locked padlock with question mark = encrypted but fingerprint not verified > padlock or padlock with little check mark = encrypted > ripped apart padlock (eww..gorey) = "finished", session ovah, > tuh-muh-nated (as the governator would say) > > Is there a time frame for when the "finished product" should be > released for mass consumption (windows installer, etc.) ? > > Clay > -- > NUMBER OF COALTION SOLDIERS KILLED IN IRAQ AS OF OCT 25, 2005: 1999 > SEE THEIR NAMES HERE: http://icasualties.org/oif/US_NAMES.aspx > > SEE THE CIVILIAN TOLL HERE: http://www.iraqbodycount.net/ > -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 827 bytes Desc: OpenPGP digital signature URL: From rabbi at abditum.com Wed Oct 26 17:09:44 2005 From: rabbi at abditum.com (Len Sassaman) Date: Wed, 26 Oct 2005 14:09:44 -0700 (PDT) Subject: [OTR-users] New gaim-otr and otrproxy ready for beta testing In-Reply-To: <20051026163454.GD847@smtp.paip.net> References: <20051016211421.GT847@smtp.paip.net> <9129d8bb0510171321ye9afa6pb9f4677ea7d45ea0@mail.gmail.com> <9129d8bb0510171325t4f0f409cxf25f2ae01d873d8c@mail.gmail.com> <43540FB9.3070209@gmail.com> <20051017215459.GY847@smtp.paip.net> <4354D4C6.7020104@gmail.com> <9129d8bb0510251101j60db34f3g208175cb6a0f72ab@mail.gmail.com> <20051026163454.GD847@smtp.paip.net> Message-ID: On Wed, 26 Oct 2005, Ian Goldberg wrote: > As I mentioned, I'm hesitant to go with the "padlock" theme. I second that. As you've said, the only truly intuitive "padlock" modes are open or closed, and they imply security states rather than privacy ones (Broken locks, question marks, etc., all require extra information as to their meaning in this context.) A good icon scheme will convey the status of the protocol state without requiring the user to develop a context-specific understanding of otherwise meaningless symbols. Ideally, you should be able to present an OTR-enabled IM client to a user who has no knowledge of OTR's functions beyond "privacy protection", and they should be able to tell you what the OTR icons mean. I think anything having to do with locks would fail that test. [I'm not convinced icons are the best way to convey this information, actually, but I believe we're somewhat limited in terms of UI changes we can make (though Adium is possibly an exception.)] --Len. From alex323 at gmail.com Wed Oct 26 17:32:34 2005 From: alex323 at gmail.com (Alex) Date: Wed, 26 Oct 2005 17:32:34 -0400 Subject: [OTR-users] New gaim-otr and otrproxy ready for beta testing In-Reply-To: References: <20051016211421.GT847@smtp.paip.net> <9129d8bb0510171321ye9afa6pb9f4677ea7d45ea0@mail.gmail.com> <9129d8bb0510171325t4f0f409cxf25f2ae01d873d8c@mail.gmail.com> <43540FB9.3070209@gmail.com> <20051017215459.GY847@smtp.paip.net> <4354D4C6.7020104@gmail.com> <9129d8bb0510251101j60db34f3g208175cb6a0f72ab@mail.gmail.com> <20051026163454.GD847@smtp.paip.net> Message-ID: <435FF5F2.5090003@gmail.com> Len Sassaman wrote: > >I second that. As you've said, the only truly intuitive "padlock" modes >are open or closed, and they imply security states rather than privacy >ones (Broken locks, question marks, etc., all require extra information as >to their meaning in this context.) > >A good icon scheme will convey the status of the protocol state without >requiring the user to develop a context-specific understanding of >otherwise meaningless symbols. > > How about a "pie chart"? A full pie means that the conversation is secure and that OTR is active. Anything short of a complete circle would signify that OTR is not fully active. Each quarter (or fifth) can have a special meaning as specified by a pop up legend. Each pie piece gets a different colour. However, we will not fully rely on colour. We would use the position of the pie piece to determine its meaning. For example, The top left pie piece could mean that we have sent out an OTR invite. As the process continues, another pie piece is shown representing the specific OTR entity that is not functioning. What do you think? - Alex -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 827 bytes Desc: OpenPGP digital signature URL: From paul at cypherpunks.ca Wed Oct 26 18:19:10 2005 From: paul at cypherpunks.ca (Paul Wouters) Date: Thu, 27 Oct 2005 00:19:10 +0200 (CEST) Subject: [OTR-users] New gaim-otr and otrproxy ready for beta testing In-Reply-To: <435FF5F2.5090003@gmail.com> References: <20051016211421.GT847@smtp.paip.net> <9129d8bb0510171321ye9afa6pb9f4677ea7d45ea0@mail.gmail.com> <9129d8bb0510171325t4f0f409cxf25f2ae01d873d8c@mail.gmail.com> <43540FB9.3070209@gmail.com> <20051017215459.GY847@smtp.paip.net> <4354D4C6.7020104@gmail.com> <9129d8bb0510251101j60db34f3g208175cb6a0f72ab@mail.gmail.com> <20051026163454.GD847@smtp.paip.net> <435FF5F2.5090003@gmail.com> Message-ID: On Wed, 26 Oct 2005, Alex wrote: > How about a "pie chart"? A full pie means that the conversation is > secure and that OTR is active. Anything short of a complete circle would > signify that OTR is not fully active. But someone who has 3/4th of the pie might think he is "reasonably secure" while in fact he might be talking to a MITM. A pie chart gives a percentage, which is not what we want to show either. Paul From kat at paip.net Wed Oct 26 18:28:18 2005 From: kat at paip.net (Kat Hanna) Date: Wed, 26 Oct 2005 18:28:18 -0400 (EDT) Subject: [OTR-users] New gaim-otr and otrproxy ready for beta testing In-Reply-To: References: <20051016211421.GT847@smtp.paip.net> <9129d8bb0510171321ye9afa6pb9f4677ea7d45ea0@mail.gmail.com> <9129d8bb0510171325t4f0f409cxf25f2ae01d873d8c@mail.gmail.com> <43540FB9.3070209@gmail.com> <20051017215459.GY847@smtp.paip.net> <4354D4C6.7020104@gmail.com> <9129d8bb0510251101j60db34f3g208175cb6a0f72ab@mail.gmail.com> <20051026163454.GD847@smtp.paip.net> <435FF5F2.5090003@gmail.com> Message-ID: On Thu, 27 Oct 2005, Paul Wouters wrote: > On Wed, 26 Oct 2005, Alex wrote: > > > How about a "pie chart"? A full pie means that the conversation is > > secure and that OTR is active. Anything short of a complete circle would > > signify that OTR is not fully active. I agree with Len's point about a novice user needing to be able to figure out the icons intuitively. This idea fails that test. I think Paul's ideas are good, and probably pass the novice test, but I want to think a bit more before I endorse them as-is. What do other people think about them? -Kat From CLAY at BROKENLADDER.COM Wed Oct 26 19:20:58 2005 From: CLAY at BROKENLADDER.COM (CLAY SHENTRUP) Date: Wed, 26 Oct 2005 16:20:58 -0700 Subject: [OTR-users] New gaim-otr and otrproxy ready for beta testing In-Reply-To: References: <20051016211421.GT847@smtp.paip.net> <9129d8bb0510171321ye9afa6pb9f4677ea7d45ea0@mail.gmail.com> <9129d8bb0510171325t4f0f409cxf25f2ae01d873d8c@mail.gmail.com> <43540FB9.3070209@gmail.com> <20051017215459.GY847@smtp.paip.net> <4354D4C6.7020104@gmail.com> <9129d8bb0510251101j60db34f3g208175cb6a0f72ab@mail.gmail.com> <20051026163454.GD847@smtp.paip.net> Message-ID: <9129d8bb0510261620i7d540c17s668a1a0807e0b462@mail.gmail.com> > > A good icon scheme will convey the status of the protocol state without > requiring the user to develop a context-specific understanding of > otherwise meaningless symbols. My point exactly. Since a padlock is the universal symbol for "secure/encrypted", I support it. And a silhouette with a question mark on it could represent an unverified user. These are obvious universal indicators that almost anyone would basically understand. > Ideally, you should be able to present an OTR-enabled IM client to a user > who has no knowledge of OTR's functions beyond "privacy protection", and > they should be able to tell you what the OTR icons mean. I think anything > having to do with locks would fail that test. LOL. How do I respond to something like this? [I'm not convinced icons are the best way to convey this information, > actually That is a valid point. The text will ultimately be the thing that specifies what's going on. But for a quick visual reference, icons are a nice feature. Included is a sample of what I'm thinking, in this case for unverified encrypted. CLAY -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: lock.jpg Type: image/jpeg Size: 3392 bytes Desc: not available URL: From paul at xelerance.com Wed Oct 26 14:22:33 2005 From: paul at xelerance.com (Paul Wouters) Date: Wed, 26 Oct 2005 20:22:33 +0200 (CEST) Subject: [OTR-users] New gaim-otr and otrproxy ready for beta testing In-Reply-To: <9129d8bb0510261103q6ed8ecd9m4c30fe52bcfb3406@mail.gmail.com> References: <20051016211421.GT847@smtp.paip.net> <9129d8bb0510171321ye9afa6pb9f4677ea7d45ea0@mail.gmail.com> <9129d8bb0510171325t4f0f409cxf25f2ae01d873d8c@mail.gmail.com> <43540FB9.3070209@gmail.com> <20051017215459.GY847@smtp.paip.net> <4354D4C6.7020104@gmail.com> <9129d8bb0510251101j60db34f3g208175cb6a0f72ab@mail.gmail.com> <20051026163454.GD847@smtp.paip.net> <9129d8bb0510261103q6ed8ecd9m4c30fe52bcfb3406@mail.gmail.com> Message-ID: On Wed, 26 Oct 2005, CLAY SHENTRUP wrote: > so what about the idea of making the graphical indicator split up these two > concepts somehow. you could have verification state specified by something > like a full color face if verified or a silhouette with a question mark if > not. or something along those lines. I guess we had similar ideas pop up :) Perhaps that shows it's a good theme :) > then beside this you could have an icon like a lock Though I still don't see why we should have a lock :) Paul -- "Happiness is never grand" --- Mustapha Mond, World Controller (Brave New World) From ian at cypherpunks.ca Thu Oct 27 13:28:24 2005 From: ian at cypherpunks.ca (Ian Goldberg) Date: Thu, 27 Oct 2005 13:28:24 -0400 Subject: [OTR-users] gaim-otr and otrproxy beta 2 In-Reply-To: <20051016211421.GT847@smtp.paip.net> References: <20051016211421.GT847@smtp.paip.net> Message-ID: <20051027172824.GI847@smtp.paip.net> OK, here's beta 2. There are new icons in this one; let me know what you think. *Note*: the version 2 Data Message format has changed slightly. So if you downloaded beta1, you need to get beta2 ASAP, or you won't be able to talk to OTR version 2 people. http://otr.cypherpunks.ca/binaries/windows/gaim-otr-3.0.0beta2-win32.zip http://otr.cypherpunks.ca/binaries/windows/otrproxy-0.3.1beta2-win32.zip - Ian From CLAY at BROKENLADDER.COM Thu Oct 27 13:49:29 2005 From: CLAY at BROKENLADDER.COM (CLAY SHENTRUP) Date: Thu, 27 Oct 2005 10:49:29 -0700 Subject: [OTR-users] gaim-otr and otrproxy beta 2 In-Reply-To: <20051027172824.GI847@smtp.paip.net> References: <20051016211421.GT847@smtp.paip.net> <20051027172824.GI847@smtp.paip.net> Message-ID: <9129d8bb0510271049l127b9ed3k7a3ce4fb060924c@mail.gmail.com> Ian, You said you were against the idea of "greyscaling" the image to differentiate two states, since there are colorblind people out there. But when I deverify someone, the little gaim icon just turns grey. Also, the unencrypted state shows multiple people, as if to indicate a "conference" or something like that. Very confusing, especially for someone not that technically inclined, or familiar with OTR. Is there any sort of resource editor in Windows that lets you edit a dll's images? There was in BeOS I remember. If anyone knows an easy way to edit these things, please let me know so I can change the images and send them to my friends. Thanks, Clay On 10/27/05, Ian Goldberg wrote: > > OK, here's beta 2. There are new icons in this one; let me know what > you think. > > *Note*: the version 2 Data Message format has changed slightly. So if > you downloaded beta1, you need to get beta2 ASAP, or you won't be able > to talk to OTR version 2 people. > > http://otr.cypherpunks.ca/binaries/windows/gaim-otr-3.0.0beta2-win32.zip > http://otr.cypherpunks.ca/binaries/windows/otrproxy-0.3.1beta2-win32.zip > > - Ian > _______________________________________________ > OTR-users mailing list > OTR-users at lists.cypherpunks.ca > http://lists.cypherpunks.ca/mailman/listinfo/otr-users > -- XEROX COLOR LASER PRINTERS PRINT A SERIES OF SECRET DOTS ON EVERY PAGE THAT IDENTIFY THE TIME AND DATE YOU PRINTED A DOCUMENT PLUS THE SERIAL NUMBER OF THE PRINTER YOU USED. -------------- next part -------------- An HTML attachment was scrubbed... URL: From ian at cypherpunks.ca Thu Oct 27 14:01:45 2005 From: ian at cypherpunks.ca (Ian Goldberg) Date: Thu, 27 Oct 2005 14:01:45 -0400 Subject: [OTR-users] gaim-otr and otrproxy beta 2 In-Reply-To: <9129d8bb0510271049l127b9ed3k7a3ce4fb060924c@mail.gmail.com> References: <20051016211421.GT847@smtp.paip.net> <20051027172824.GI847@smtp.paip.net> <9129d8bb0510271049l127b9ed3k7a3ce4fb060924c@mail.gmail.com> Message-ID: <20051027180145.GJ847@smtp.paip.net> On Thu, Oct 27, 2005 at 10:49:29AM -0700, CLAY SHENTRUP wrote: > Ian, > > You said you were against the idea of "greyscaling" the image to > differentiate two states, since there are colorblind people out there. But > when I deverify someone, the little gaim icon just turns grey. I am indeed against it. I'd like to add a (green) checkmark and a (yellow) question mark to those two images. But my image-manipulation skills aren't so great. Anyone? > Also, the unencrypted state shows multiple people, as if to indicate a > "conference" or something like that. Very confusing, especially for someone > not that technically inclined, or familiar with OTR. In fact, it indicates "public". But "conference" isn't far off; if you send a message in that state, there are a whole bunch of people that can read it. > Is there any sort of resource editor in Windows that lets you edit a dll's > images? There was in BeOS I remember. If anyone knows an easy way to edit > these things, please let me know so I can change the images and send them to > my friends. Probably not in this case, since the windows build is a cross-compile, and doesn't use external resources. Moreover, having the icons be in separate files is fraught with potential packaging / installation problems. I'd much prefer (at least for now) to keep it all in one file. - Ian From CLAY at BROKENLADDER.COM Thu Oct 27 14:06:53 2005 From: CLAY at BROKENLADDER.COM (CLAY SHENTRUP) Date: Thu, 27 Oct 2005 11:06:53 -0700 Subject: [OTR-users] gaim-otr and otrproxy beta 2 In-Reply-To: <20051027172824.GI847@smtp.paip.net> References: <20051016211421.GT847@smtp.paip.net> <20051027172824.GI847@smtp.paip.net> Message-ID: <9129d8bb0510271106p7b214626v660f9eecb6c5dd5c@mail.gmail.com> some consistency issues here.. if lighting up vs. greying out delineates verified vs. unverified for the "single person" state, then it should do the same for the "multiple people" state. if i'm not currently in a secure session with someone, but he's verified, his "multiple people" icon should be colored, but right now it's grey, whether the person is verified or not. in total there should be six icon states, if you want to have a "finished" state. for encyption you have on, off, or finished. for verification you have verified or unverified. 2 x 3 = 6 is there any amount of money i could donate to the project for you to make the icon set dynamic in the final release, so the user could configure it. i'm not rich or anything, but it just shows i'm willing to put my money where my mouth is. thanks, clay -- XEROX COLOR LASER PRINTERS PRINT A SERIES OF SECRET DOTS ON EVERY PAGE THAT IDENTIFY THE TIME AND DATE YOU PRINTED A DOCUMENT PLUS THE SERIAL NUMBER OF THE PRINTER YOU USED. -------------- next part -------------- An HTML attachment was scrubbed... URL: From CLAY at BROKENLADDER.COM Thu Oct 27 14:26:54 2005 From: CLAY at BROKENLADDER.COM (CLAY SHENTRUP) Date: Thu, 27 Oct 2005 11:26:54 -0700 Subject: [OTR-users] gaim-otr and otrproxy beta 2 In-Reply-To: <20051027180145.GJ847@smtp.paip.net> References: <20051016211421.GT847@smtp.paip.net> <20051027172824.GI847@smtp.paip.net> <9129d8bb0510271049l127b9ed3k7a3ce4fb060924c@mail.gmail.com> <20051027180145.GJ847@smtp.paip.net> Message-ID: <9129d8bb0510271126h786bb493ge84c7b3e44bb67b8@mail.gmail.com> Okay, but I'm still curious about the "finished" state. I'm trying to understand how it's different, behaviorally, than unencrypted. Could one say that it is essentially like being unencrypted, but have "require encryption" turned on, so that a new message isn't sent until the session has been refreshed? I am indeed against it. I'd like to add a (green) checkmark and a > (yellow) question mark to those two images. But my image-manipulation > skills aren't so great. Anyone? > Also, the unencrypted state shows multiple people, as if to indicate a > > "conference" or something like that. Very confusing, especially for > someone > > not that technically inclined, or familiar with OTR. > > In fact, it indicates "public". But "conference" isn't far off; if you > send a message in that state, there are a whole bunch of people that can > read it. Could potentially read it, but aren't necessarily. I think multiple people icons gives the impression that multiple people _are_ involved in the conversation. I'm trying to put myself into the mindset of a typical (dumb) computer user here. Okay, as for the configurable icons, I officially give up on that. I take it there is no resource editor like the one I was hoping for. Does this new beta have what you consider to be the final version of OTR for the time being. That is, there are no more changes planned in the actual protocol for the time being, and any known security holes have been addressed? Clay -------------- next part -------------- An HTML attachment was scrubbed... URL: From ian at cypherpunks.ca Thu Oct 27 14:29:57 2005 From: ian at cypherpunks.ca (Ian Goldberg) Date: Thu, 27 Oct 2005 14:29:57 -0400 Subject: [OTR-users] gaim-otr and otrproxy beta 2 In-Reply-To: <9129d8bb0510271106p7b214626v660f9eecb6c5dd5c@mail.gmail.com> References: <20051016211421.GT847@smtp.paip.net> <20051027172824.GI847@smtp.paip.net> <9129d8bb0510271106p7b214626v660f9eecb6c5dd5c@mail.gmail.com> Message-ID: <20051027182957.GK847@smtp.paip.net> On Thu, Oct 27, 2005 at 11:06:53AM -0700, CLAY SHENTRUP wrote: > some consistency issues here.. > > if lighting up vs. greying out delineates verified vs. unverified for the > "single person" state, then it should do the same for the "multiple people" > state. if i'm not currently in a secure session with someone, but he's > verified, his "multiple people" icon should be colored, but right now it's > grey, whether the person is verified or not. I think you've got a misapprehension. Buddies can have zero or more fingerprints, each of which can be verified or not. If you're not currently using OTR, there's no "verified" or "not verified" [i.e. *fingerprints* are verified, not *buddies*]. You can't be in a verified private convesation and not be in a private conversation at the same time. > is there any amount of money i could donate to the project for you to make > the icon set dynamic in the final release, so the user could configure it. > i'm not rich or anything, but it just shows i'm willing to put my money > where my mouth is. It won't happen for this release for sure. After that, we can talk. :-) - Ian From ian at cypherpunks.ca Thu Oct 27 14:37:33 2005 From: ian at cypherpunks.ca (Ian Goldberg) Date: Thu, 27 Oct 2005 14:37:33 -0400 Subject: [OTR-users] gaim-otr and otrproxy beta 2 In-Reply-To: <9129d8bb0510271126h786bb493ge84c7b3e44bb67b8@mail.gmail.com> References: <20051016211421.GT847@smtp.paip.net> <20051027172824.GI847@smtp.paip.net> <9129d8bb0510271049l127b9ed3k7a3ce4fb060924c@mail.gmail.com> <20051027180145.GJ847@smtp.paip.net> <9129d8bb0510271126h786bb493ge84c7b3e44bb67b8@mail.gmail.com> Message-ID: <20051027183733.GL847@smtp.paip.net> On Thu, Oct 27, 2005 at 11:26:54AM -0700, CLAY SHENTRUP wrote: > Okay, but I'm still curious about the "finished" state. I'm trying to > understand how it's different, behaviorally, than unencrypted. Could one say > that it is essentially like being unencrypted, but have "require encryption" > turned on, so that a new message isn't sent until the session has been > refreshed? If you type a message when you're in "Not private", it gets sent to your buddy in the clear. If you type a message when you're in "Finished", nothing at all gets sent to your buddy, and an error is given to you. > > In fact, it indicates "public". But "conference" isn't far off; if you > > send a message in that state, there are a whole bunch of people that can > > read it. > > Could potentially read it, but aren't necessarily. And how do you know which is the case? From a privacy point of view, lots of people may as well be reading it. > I think multiple people > icons gives the impression that multiple people _are_ involved in the > conversation. I'm trying to put myself into the mindset of a typical (dumb) > computer user here. And they _are_ involved, as far as you know. > Does this new beta have what you consider to be the final version of OTR for > the time being. That is, there are no more changes planned in the actual > protocol for the time being, and any known security holes have been > addressed? The identity-binding flaw has been addressed. We reserve the right to change the v2 protocol until the official release. [But at present, we don't intend to do so.] - Ian From ian at cypherpunks.ca Thu Oct 27 14:47:07 2005 From: ian at cypherpunks.ca (Ian Goldberg) Date: Thu, 27 Oct 2005 14:47:07 -0400 Subject: [OTR-users] gaim-otr and otrproxy beta 2 In-Reply-To: <20051027180145.GJ847@smtp.paip.net> References: <20051016211421.GT847@smtp.paip.net> <20051027172824.GI847@smtp.paip.net> <9129d8bb0510271049l127b9ed3k7a3ce4fb060924c@mail.gmail.com> <20051027180145.GJ847@smtp.paip.net> Message-ID: <20051027184707.GM847@smtp.paip.net> On Thu, Oct 27, 2005 at 02:01:45PM -0400, Ian Goldberg wrote: > I am indeed against it. I'd like to add a (green) checkmark and a > (yellow) question mark to those two images. But my image-manipulation > skills aren't so great. Anyone? OK, I added the question mark to the unverified icon, and left the private icon as it was. If you download beta2 again, you'll get the new version (yeah, I know, modifying a file once I've announced it; but it's only been up for an hour :-p ). If you don't want to download the betas, you can see the new icons here: http://www.cypherpunks.ca/otr/help/buttonhelp.php [The text is not finished yet, but the icons are there.] - Ian From CLAY at BROKENLADDER.COM Thu Oct 27 14:51:26 2005 From: CLAY at BROKENLADDER.COM (CLAY SHENTRUP) Date: Thu, 27 Oct 2005 11:51:26 -0700 Subject: [OTR-users] gaim-otr and otrproxy beta 2 In-Reply-To: <20051027182957.GK847@smtp.paip.net> References: <20051016211421.GT847@smtp.paip.net> <20051027172824.GI847@smtp.paip.net> <9129d8bb0510271106p7b214626v660f9eecb6c5dd5c@mail.gmail.com> <20051027182957.GK847@smtp.paip.net> Message-ID: <9129d8bb0510271151j31e6fea1jdfc8d8c3bb46c8e6@mail.gmail.com> > > Buddies can have zero or more > fingerprints, each of which can be verified or not. If you're not > currently using OTR, there's no "verified" or "not verified" > [i.e. *fingerprints* are verified, not *buddies*]. Ah yes. I didn't take the multiple fingerprints issue into account. You can't be in a verified private convesation and not be in a private > conversation at the same time. ??? I don't know what this is in reference to. > is there any amount of money i could donate to the project for you to make > > the icon set dynamic in the final release, so the user could configure > it. > > i'm not rich or anything, but it just shows i'm willing to put my money > > where my mouth is. > > It won't happen for this release for sure. After that, we can talk. :-) What about for a meeeeelion dollars. Nah, I don't have it. I'll live without padlocks for now, regretfully. CLAY P.S. I just killed a convo to see the "finished" icon. Neat. -------------- next part -------------- An HTML attachment was scrubbed... URL: From CLAY at BROKENLADDER.COM Thu Oct 27 14:55:15 2005 From: CLAY at BROKENLADDER.COM (CLAY SHENTRUP) Date: Thu, 27 Oct 2005 11:55:15 -0700 Subject: [OTR-users] gaim-otr and otrproxy beta 2 In-Reply-To: <9129d8bb0510271151j31e6fea1jdfc8d8c3bb46c8e6@mail.gmail.com> References: <20051016211421.GT847@smtp.paip.net> <20051027172824.GI847@smtp.paip.net> <9129d8bb0510271106p7b214626v660f9eecb6c5dd5c@mail.gmail.com> <20051027182957.GK847@smtp.paip.net> <9129d8bb0510271151j31e6fea1jdfc8d8c3bb46c8e6@mail.gmail.com> Message-ID: <9129d8bb0510271155l3e5a200byc1b5c8c5ffa9e23b@mail.gmail.com> Five icon states (unless you want "finished" to be agnostic to verification): Unencrypted Verified Encrypted Verified Finished Unverified Encrypted Unverified Finished -------------- next part -------------- An HTML attachment was scrubbed... URL: From aldert at rotz.org Thu Oct 27 15:04:16 2005 From: aldert at rotz.org (Aldert J.B.P. Hazenberg) Date: Thu, 27 Oct 2005 21:04:16 +0200 Subject: [OTR-users] gaim-otr and otrproxy beta 2 In-Reply-To: <20051027184707.GM847@smtp.paip.net> References: <20051016211421.GT847@smtp.paip.net> <20051027172824.GI847@smtp.paip.net> <9129d8bb0510271049l127b9ed3k7a3ce4fb060924c@mail.gmail.com> <20051027180145.GJ847@smtp.paip.net> <20051027184707.GM847@smtp.paip.net> Message-ID: <436124B0.6060002@rotz.org> Ian Goldberg wrote: > On Thu, Oct 27, 2005 at 02:01:45PM -0400, Ian Goldberg wrote: > >>I am indeed against it. I'd like to add a (green) checkmark and a >>(yellow) question mark to those two images. But my image-manipulation >>skills aren't so great. Anyone? > > > OK, I added the question mark to the unverified icon, and left the > private icon as it was. If you download beta2 again, you'll get the new > version (yeah, I know, modifying a file once I've announced it; but it's > only been up for an hour :-p ). > > If you don't want to download the betas, you can see the new icons here: > > http://www.cypherpunks.ca/otr/help/buttonhelp.php > > [The text is not finished yet, but the icons are there.] > Two thumbs up here !! Aldert. From ian at cypherpunks.ca Thu Oct 27 15:38:25 2005 From: ian at cypherpunks.ca (Ian Goldberg) Date: Thu, 27 Oct 2005 15:38:25 -0400 Subject: [OTR-users] gaim-otr and otrproxy beta 2 In-Reply-To: <9129d8bb0510271155l3e5a200byc1b5c8c5ffa9e23b@mail.gmail.com> References: <20051016211421.GT847@smtp.paip.net> <20051027172824.GI847@smtp.paip.net> <9129d8bb0510271106p7b214626v660f9eecb6c5dd5c@mail.gmail.com> <20051027182957.GK847@smtp.paip.net> <9129d8bb0510271151j31e6fea1jdfc8d8c3bb46c8e6@mail.gmail.com> <9129d8bb0510271155l3e5a200byc1b5c8c5ffa9e23b@mail.gmail.com> Message-ID: <20051027193825.GN847@smtp.paip.net> On Thu, Oct 27, 2005 at 11:55:15AM -0700, CLAY SHENTRUP wrote: > Five icon states (unless you want "finished" to be agnostic to > verification): > > Unencrypted "Not private" > Verified Encrypted "Private" > Unverified Encrypted "Unverified" > Verified Finished > Unverified Finished What's the difference between these states? They're both "Finished". You only need to distinguish between verified and unverified fingerprints when you're actually using one. - Ian From abanks at bcianswers.com Mon Oct 31 16:05:51 2005 From: abanks at bcianswers.com (Al Banks) Date: Mon, 31 Oct 2005 15:05:51 -0600 Subject: [OTR-users] Solaris 10 Compile problems Message-ID: <4366872F.6010503@bcianswers.com> Has anyone attempted to compile gaim-otr and libotr on Solaris 10? ./configure works fine, given the correct path to libgcrypt, but compile stops here: bash-3.00# make make all-recursive make[1]: Entering directory `/export/home/abanks/download/libotr-2.0.2' Making all in src make[2]: Entering directory `/export/home/abanks/download/libotr-2.0.2/src' /bin/bash ../libtool --mode=link gcc -g -O2 -o libotr.la -rpath /usr/local/lib -version-info 1:2:0 -L/opt/csw/lib -lgcrypt -L/opt/csw/lib -lgpg-error privkey.lo context.lo proto.lo b64.lo dh.lo mem.lo message.lo userstate.lo tlv.lo rm -fr .libs/libotr.so .libs/libotr.so.1 .libs/libotr.so.1.0.2 gcc -shared -Wl,-h -Wl,libotr.so.1 -o .libs/libotr.so.1.0.2 .libs/privkey.o .libs/context.o .libs/proto.o .libs/b64.o .libs/dh.o .libs/mem.o .libs/message.o .libs/userstate.o .libs/tlv.o -R/opt/csw/lib -R/opt/csw/lib -L/opt/csw/lib /opt/csw/lib/libgcrypt.so /opt/csw/lib/libgpg-error.so -lc (cd .libs && rm -f libotr.so.1 && ln -s libotr.so.1.0.2 libotr.so.1) (cd .libs && rm -f libotr.so && ln -s libotr.so.1.0.2 libotr.so) false cru .libs/libotr.a privkey.o context.o proto.o b64.o dh.o mem.o message.o userstate.o tlv.o make[2]: *** [libotr.la] Error 1 make[2]: Leaving directory `/export/home/abanks/download/libotr-2.0.2/src' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/export/home/abanks/download/libotr-2.0.2' make: *** [all] Error 2 Any ideas? Thanks! -A From ian at cypherpunks.ca Mon Oct 31 16:29:34 2005 From: ian at cypherpunks.ca (Ian Goldberg) Date: Mon, 31 Oct 2005 16:29:34 -0500 Subject: [OTR-users] Solaris 10 Compile problems In-Reply-To: <4366872F.6010503@bcianswers.com> References: <4366872F.6010503@bcianswers.com> Message-ID: <20051031212934.GE847@smtp.paip.net> On Mon, Oct 31, 2005 at 03:05:51PM -0600, Al Banks wrote: > Has anyone attempted to compile gaim-otr and libotr on Solaris 10? > ./configure works fine, given the correct path to libgcrypt, but compile > stops here: > > false cru .libs/libotr.a privkey.o context.o proto.o b64.o dh.o mem.o > message.o userstate.o tlv.o > make[2]: *** [libotr.la] Error 1 For some reason, your "ar" got set to "false". Can you investigate as to why that might be? [This should probably be on otr-dev, but no big deal.] - Ian From bstanfield at gmail.com Mon Oct 31 16:36:21 2005 From: bstanfield at gmail.com (Ben Stanfield) Date: Mon, 31 Oct 2005 16:36:21 -0500 Subject: [OTR-users] iChat and Encryption Message-ID: <4b36c2bb0510311336h21b57aedg78f8680a5defd706@mail.gmail.com> Apple released Software Update 10.4.3 this afternoon, and in the release notes includes this tidbit: ".Mac members can enable encrypted chat sessions after installing this update." I can't find any other information on the Apple site, but I'm curious if anyone knows if they're using OTR for their encrypted iChat sessions. Ben -- Ben Stanfield Executive Editor, MacSlash www.MacSlash.org ben at macslash.org