From nathanw at MIT.EDU Tue Jan 2 00:05:43 2007 From: nathanw at MIT.EDU (Nathan J. Williams) Date: 02 Jan 2007 00:05:43 -0500 Subject: [OTR-users] some questions In-Reply-To: <20061230231825.GB14191@apotheon.com> References: <45955020.3030004@freenet.de> <20061229180223.GL5765@yoink.cs.uwaterloo.ca> <4595A0E5.7080606@freenet.de> <20061230004754.GN5765@yoink.cs.uwaterloo.ca> <20061230010448.GB2688@apotheon.com> <20061230035649.GO5765@yoink.cs.uwaterloo.ca> <20061230081654.GA6802@apotheon.com> <96e269140612300641h64d2904bx83e71fe87201d685@mail.gmail.com> <20061230182738.GA13302@apotheon.com> <20061230190231.GQ5765@yoink.cs.uwaterloo.ca> <20061230231825.GB14191@apotheon.com> Message-ID: Chad Perrin writes: > Of course, in such circumstances you must simply get as close as > possible. The principle itself still holds, though. The principle leads to disaser when, years down the road, you find yourself locked into "liberal" meanings of the protocol - even when a tighter reading of whatever specification you have would be more useful - beacuse most users, who shouldn't have to care about this stuff, will rightly complain when a formally in-spec change breaks the behavior they've come to expect. I think the "be liberal in what you accept" principle should have been shot and buried when it stopped being possible to harass the authors of all of the software that you use at the next USENIX. - Nathan From perrin at apotheon.com Tue Jan 2 03:27:47 2007 From: perrin at apotheon.com (Chad Perrin) Date: Tue, 2 Jan 2007 01:27:47 -0700 Subject: [OTR-users] some questions In-Reply-To: References: <4595A0E5.7080606@freenet.de> <20061230004754.GN5765@yoink.cs.uwaterloo.ca> <20061230010448.GB2688@apotheon.com> <20061230035649.GO5765@yoink.cs.uwaterloo.ca> <20061230081654.GA6802@apotheon.com> <96e269140612300641h64d2904bx83e71fe87201d685@mail.gmail.com> <20061230182738.GA13302@apotheon.com> <20061230190231.GQ5765@yoink.cs.uwaterloo.ca> <20061230231825.GB14191@apotheon.com> Message-ID: <20070102082747.GD22962@apotheon.com> On Tue, Jan 02, 2007 at 12:05:43AM -0500, Nathan J. Williams wrote: > Chad Perrin writes: > > > Of course, in such circumstances you must simply get as close as > > possible. The principle itself still holds, though. > > The principle leads to disaser when, years down the road, you find > yourself locked into "liberal" meanings of the protocol - even when a > tighter reading of whatever specification you have would be more > useful - beacuse most users, who shouldn't have to care about this > stuff, will rightly complain when a formally in-spec change breaks the > behavior they've come to expect. > > I think the "be liberal in what you accept" principle should have been > shot and buried when it stopped being possible to harass the authors > of all of the software that you use at the next USENIX. I guess you missed the "strict in what you emit" part. Being liberal in what you accept simply ensures that you won't see a bunch of pseudo-markup crap in the midst of your messages when you receive something from a user of an out-of-spec application. Ensure you meet spec first, then work to accept out-of-spec stuff in addition without sacrificing in-spec functionality. Why not? -- CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ] unix virus: If you're using a unixlike OS, please forward this to 20 others and erase your system partition. From nathanw at MIT.EDU Tue Jan 2 17:07:42 2007 From: nathanw at MIT.EDU (Nathan J. Williams) Date: 02 Jan 2007 17:07:42 -0500 Subject: [OTR-users] some questions In-Reply-To: <20070102082747.GD22962@apotheon.com> References: <4595A0E5.7080606@freenet.de> <20061230004754.GN5765@yoink.cs.uwaterloo.ca> <20061230010448.GB2688@apotheon.com> <20061230035649.GO5765@yoink.cs.uwaterloo.ca> <20061230081654.GA6802@apotheon.com> <96e269140612300641h64d2904bx83e71fe87201d685@mail.gmail.com> <20061230182738.GA13302@apotheon.com> <20061230190231.GQ5765@yoink.cs.uwaterloo.ca> <20061230231825.GB14191@apotheon.com> <20070102082747.GD22962@apotheon.com> Message-ID: Chad Perrin writes: > I guess you missed the "strict in what you emit" part. I have no complaints with being strict in what I emit, but like many golden rules, it doesn't help when other people aren't playing by it. It does me little good to be strict in what *I* emit when I must parse what others emit. The only feedback that the authors of other clients are going to have is complaints from their users; if I generously make my client work with theirs, outside of spec, then there is no force acting on them to make them conform. Only rejecting their messages and causing pain for their users will do that. - Nathan From perrin at apotheon.com Tue Jan 2 17:25:42 2007 From: perrin at apotheon.com (Chad Perrin) Date: Tue, 2 Jan 2007 15:25:42 -0700 Subject: [OTR-users] some questions In-Reply-To: References: <20061230010448.GB2688@apotheon.com> <20061230035649.GO5765@yoink.cs.uwaterloo.ca> <20061230081654.GA6802@apotheon.com> <96e269140612300641h64d2904bx83e71fe87201d685@mail.gmail.com> <20061230182738.GA13302@apotheon.com> <20061230190231.GQ5765@yoink.cs.uwaterloo.ca> <20061230231825.GB14191@apotheon.com> <20070102082747.GD22962@apotheon.com> Message-ID: <20070102222542.GA7495@apotheon.com> On Tue, Jan 02, 2007 at 05:07:42PM -0500, Nathan J. Williams wrote: > Chad Perrin writes: > > > I guess you missed the "strict in what you emit" part. > > I have no complaints with being strict in what I emit, but like many > golden rules, it doesn't help when other people aren't playing by > it. It does me little good to be strict in what *I* emit when I must > parse what others emit. > > The only feedback that the authors of other clients are going to have > is complaints from their users; if I generously make my client work > with theirs, outside of spec, then there is no force acting on them to > make them conform. Only rejecting their messages and causing pain for > their users will do that. I suspect the most likely result will be that people will stop using the "strict in what I accept" client. -- CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ] "The measure on a man's real character is what he would do if he knew he would never be found out." - Thomas McCauley From gmaxwell at gmail.com Tue Jan 2 18:24:14 2007 From: gmaxwell at gmail.com (Gregory Maxwell) Date: Tue, 2 Jan 2007 18:24:14 -0500 Subject: [OTR-users] some questions In-Reply-To: <45952604.2090303@freenet.de> References: <45952604.2090303@freenet.de> Message-ID: Gaim-encryption != gaim-otr, otr provides denyability. On 12/29/06, readytogo2 wrote: > (I am sorry Ian Goldberg, you get this e-mail twice because I did make a > mistake and answerd to your e-mailadress instant of the mailinglist.) > > Ian Goldberg wrote: > >> >> 1. > >> >> Do you support the miranda otr plugin? > >> >> http://addons.miranda-im.org/details.php?action=viewfile&id=2644 > >> >> Is it from same developers? What is your opinion about it? > >> >> Which features are supportet? (Encryption, Authentication, > Deniability, > >> >> Perfect forward secrecy)? > > > > > > The Miranda plugin isn't by the same developers as the library, gaim > > > plugin, and the proxy. I personally have no opinion about that code, > > > since I don't even have a way to try it out. > Well, if you don`t want to try it out it`s ok. But I am sure you *can* > try it. I am everything else but a *nix expert, but I could run miranda > under wine (ubuntu). > > >> >> 2. > >> >> Will you add deniability or perfect forward secrecy to the gaim plugin > >> >> in the future? > > > > > > ?? The gaim plugin has had those features since day 1. Or am I > > > misunderstanding your question? > >From otr page faq: " > How is this different from the gaim-encryption plugin? > The gaim-encryption plugin provides encryption and authentication, but > not deniability or perfect forward secrecy. If an attacker or a virus > gets access to your machine, all of your past gaim-encryption > conversations are retroactively compromised. Further, since all of the > messages are digitally signed, there is difficult-to-deny proof that you > said what you did: not what we want for a supposedly private conversation!" > > That`s why I asked if you are going to add this feature in the future. > > >> >> 3. > >> >> I am using miranda/gaim plugin, can I save or export my > fingerprint? If > >> >> I want to user another client, another accountname or the proxy can I > >> >> use my old "identy" anyway so my contact doesn`t need to trust a new > >> >> fingerprint? > > > > > > There's no explicit way to do it at the moment (with the main plugin, > > > anyway), but copying the otr.private_key file around should work. > I think to use the proxy would be the best way for everyone right now? > Is the proxy portable? I also don`t know what is compatible to each > other. :( > > >> >> 4. > >> >> A contact of mine is using trillian. I could convince him at least to > >> >> you the otr plugin (not the otr proxy! not secure im!) (I think this > >> >> there http://trillianotr.kittyfox.net/.) and I am using the miranda > >> >> plugin. From miranda to miranda otr chat`s work great but to > trillian I > >> >> see html tags all the time. Can this be fixed? > > > > > > I've heard of this problem before, even *without* otr. It seems > > > Trillian uses its own custom markup language instead of html (which all > > > other clients use). I'm guessing there's a way to fix this, since it > > > certainly can't be the case that all Trillian users see html tags all > > > the time, but you'd have to ask someone who uses Trillian. > Not the Trillian user see html tags, the miranda user does (me). Well, > nvm I don`t get why someone need to use Tril if there are enugh free und > better alternatives. > > I tested to chat with my self from Gaim (OTR Plugin) to Miranda (OTR > Plugin), there is almost the same errror. [SIZE=10]..Message..[/SIZE] > Perhaps the Miranda OTR Plugin is broken. Maybe I should use the proxy > instant. > > _______________________________________________ > OTR-users mailing list > OTR-users at lists.cypherpunks.ca > http://lists.cypherpunks.ca/mailman/listinfo/otr-users > From nathanw at MIT.EDU Thu Jan 4 16:17:31 2007 From: nathanw at MIT.EDU (Nathan J. Williams) Date: 04 Jan 2007 16:17:31 -0500 Subject: [OTR-users] some questions In-Reply-To: <20070102222542.GA7495@apotheon.com> References: <20061230010448.GB2688@apotheon.com> <20061230035649.GO5765@yoink.cs.uwaterloo.ca> <20061230081654.GA6802@apotheon.com> <96e269140612300641h64d2904bx83e71fe87201d685@mail.gmail.com> <20061230182738.GA13302@apotheon.com> <20061230190231.GQ5765@yoink.cs.uwaterloo.ca> <20061230231825.GB14191@apotheon.com> <20070102082747.GD22962@apotheon.com> <20070102222542.GA7495@apotheon.com> Message-ID: Chad Perrin writes: > > The only feedback that the authors of other clients are going to have > > is complaints from their users; if I generously make my client work > > with theirs, outside of spec, then there is no force acting on them to > > make them conform. Only rejecting their messages and causing pain for > > their users will do that. > > I suspect the most likely result will be that people will stop using the > "strict in what I accept" client. Oh, I agree. I'm not an optimist about standards at all. - Nathan From spencerforhire at gmail.com Sun Jan 7 15:27:06 2007 From: spencerforhire at gmail.com (Mark G. Spencer) Date: Sun, 7 Jan 2007 15:27:06 -0500 Subject: [OTR-users] Long Yahoo! IMs cause problem w/ Gaim/OTR? Message-ID: I've been testing the OTR plugin for Gaim and have noticed that sending long Yahoo! IMs causes a problem with OTR. I get a flurry of errors and retransmissions - I think the last time I sent a long IM it seemed like I was in an infinite loop of errors and retransmissions, so I killed the Gaim process. On a somewhat related note - I really like the OTR philosophy and was wondering if anyone was working on extending OTR to the chatroom/conference functionality of the IM clients and networks? Basically, to replicate a "private" conversation amongst a number of people in a secure room. (At least private in the sense that all the participants can feel comfortable their chat is secure in-transit, they have repudiation, etc.) Thanks! From ian at cypherpunks.ca Sun Jan 7 15:59:50 2007 From: ian at cypherpunks.ca (Ian Goldberg) Date: Sun, 7 Jan 2007 15:59:50 -0500 Subject: [OTR-users] Long Yahoo! IMs cause problem w/ Gaim/OTR? In-Reply-To: References: Message-ID: <20070107205950.GJ16711@yoink.cs.uwaterloo.ca> On Sun, Jan 07, 2007 at 03:27:06PM -0500, Mark G. Spencer wrote: > I've been testing the OTR plugin for Gaim and have noticed that > sending long Yahoo! IMs causes a problem with OTR. I get a flurry of > errors and retransmissions - I think the last time I sent a long IM it > seemed like I was in an infinite loop of errors and retransmissions, > so I killed the Gaim process. There's someone who will be working on OTR this term, and fragmentation support should be one of his first tasks. So watch for a fix. :-) > On a somewhat related note - I really like the OTR philosophy and was > wondering if anyone was working on extending OTR to the > chatroom/conference functionality of the IM clients and networks? > Basically, to replicate a "private" conversation amongst a number of > people in a secure room. (At least private in the sense that all the > participants can feel comfortable their chat is secure in-transit, > they have repudiation, etc.) That's one of the stated future directions of OTR. Probably not this term, though. One of the tricky bits is determining exactly what you mean by "deniable authentication" in a group context. During the conversation, should Bob be able to tell that this message came from Alice, and not from Charlie, or just that someone in the chatroom sent it? After the conversation, of course, we'd like complete deniability and forgeability. - Ian From readytogo2 at freenet.de Wed Jan 10 16:36:47 2007 From: readytogo2 at freenet.de (readytogo2) Date: Wed, 10 Jan 2007 22:36:47 +0100 Subject: [OTR-users] damm spambots Message-ID: <45A55C6F.40805@freenet.de> Today I have just recived my frist spam and phising mails on my new e-mail account (this account). If I search for my e-mail adress on google I will find two posts on the otr users mailing list. My suggestion, wouldn`t it be better to use some free forum software instant of a mailing list? Or at least to encode the email adresses so spambots can`t gather them. From readytogo2 at freenet.de Wed Jan 10 17:14:01 2007 From: readytogo2 at freenet.de (readytogo2) Date: Wed, 10 Jan 2007 23:14:01 +0100 Subject: [OTR-users] fresh wind for the otr project Message-ID: <45A56529.3090606@freenet.de> Hi, some time ago I asked you what your otr project`s objective is about. You want as many people to use otr and not just a few. But right now it`s only used by a few people. I could overflow you with suggestions about the binarys and the website aswell too. But for now I don`t know how welcome this is. The main changes I suggest are mailinglist -> forum, single laguange website and binarys -> multilagunage + some kind of wikipeida help sites. Sure this should not happen all on one day. Maybe you could recrute more staff. I would also offer you to translate the website and the binarys from English to my native lagunage (German). I can read and understand English very well. Btw my German orthography and grammar are much better then my English. ;) From laffodil22 at hotmail.com Sun Jan 14 10:25:20 2007 From: laffodil22 at hotmail.com (Laff O'Dil) Date: Sun, 14 Jan 2007 10:25:20 -0500 Subject: [OTR-users] Console client with support for OTR? Message-ID: Is anybody aware of a console client that has support for OTR? Ideally, I would like to "screen" a client on a Linux/BSD shell and stay connected 24/7. I know Gaim has a CLI client in their 2.0 beta releases, but I have not seen an OTR plugin for it yet. I imagine it would not be that hard to port OTR to it as all that will be required is a UI for it. _________________________________________________________________ The MSN Entertainment Guide to Golden Globes is here. Get all the scoop. http://tv.msn.com/tv/globes2007/?icid=nctagline2 From galenz at zinkconsulting.com Mon Jan 15 00:29:51 2007 From: galenz at zinkconsulting.com (galenz at zinkconsulting.com) Date: Sun, 14 Jan 2007 21:29:51 -0800 Subject: [OTR-users] OTR Proxy and Intel - I'm Dead Ending Message-ID: <4DBAE00F-9AB2-4E9D-99F9-9A7765D25F27@zinkconsulting.com> Hello, I have recently begun needing to use OTR on an x86-based Macintosh via the proxy app. The proxy app published on the website is PPC only. It was working for a while (with 10.4.6 I believe), but now (I have since upgraded to 10.4.8) the app bounces up and down a bit, then stops and crashes. It logs a bunch of fairly meaningless (at least to me) information. I've attempted building a fresh OTR Proxy application, but I can't get past problems with lib-gpg-error. I've tried the latest version and an older one, it always fails during make. I really want to use x86 software because emulating a PPC app is not terribly efficient. I tried the x86 binary posted on the list some months ago, but it too fails. Any comments on how I can get an OTR proxy up and running on this new machine would be much appreciated. I'm pretty stuck here - I'm not sure what else I can do at the moment, everything had lead me to a dead end. -Galen Here's the crash log output from the x86 version: Host Name: xxxx Date/Time: 2007-01-14 21:23:00.755 -0800 OS Version: 10.4.8 (Build 8L2127) Report Version: 4 Command: OTR Proxy Path: /Downloads/OTR Proxy.app/Contents/MacOS/OTR Proxy Parent: WindowServer [86] Version: ??? (???) PID: 316 Thread: Unknown Link (dyld) error: Library not loaded: /usr/local/lib/libotr.2.dylib Referenced from: /Downloads/OTR Proxy.app/Contents/MacOS/OTR Proxy Reason: image not found Here's the crash log from the PPC version: (this is long and there's no other content in this email after the log report) ********** Host Name: xxxx Date/Time: 2007-01-14 21:12:57.748 -0800 OS Version: 10.4.8 (Build 8L2127) Report Version: 4 Command: OTR Proxy Path: /Applications/OTR Proxy.app/Contents/MacOS/OTR Proxy Parent: WindowServer [86] Rosetta: Yes Version: ??? (???) PID: 228 Thread: Unknown Exception: EXC_BAD_ACCESS (0x0001) Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x90237ad8 Thread 0: 0 OTR Proxy 0xb80b512c 0xb8000000 + 741676 1 OTR Proxy 0xb809f925 0xb8000000 + 653605 2 OTR Proxy 0xb80bd24e 0xb8000000 + 774734 3 OTR Proxy 0xb811de0d spin_lock_wrapper + 1985 Thread 1: 0 OTR Proxy 0xb823369b strchr + 72 1 OTR Proxy 0xb81cef17 pthread_cond_wait + 3114 2 OTR Proxy 0xb816831a catch_exception_raise_state_identity + 318 3 OTR Proxy 0xb8167856 CallPPCFunctionAtAddressInt + 177220 4 OTR Proxy 0xb816774d CallPPCFunctionAtAddressInt + 176955 5 OTR Proxy 0xb8168418 catch_exception_raise_state_identity + 572 6 OTR Proxy 0xb820480c pthread_create + 1124 Unknown thread crashed with unknown flavor: 1 state_count: 16 Binary Images Description: 0x1000 - 0x252fff OTR Proxy /Applications/OTR Proxy.app/ Contents/MacOS/OTR Proxy 0x8fc00000 - 0x8fc50fff dyld 46.9 /usr/lib/dyld 0x8fe00000 - 0x8fe49fff dyld 46.9 /usr/lib/dyld 0x90000000 - 0x901c0fff libSystem.B.dylib /usr/lib/libSystem.B.dylib 0x90218000 - 0x9021dfff libmathCommon.A.dylib /usr/lib/system/ libmathCommon.A.dylib 0x9021f000 - 0x90261fff com.apple.CoreText 1.1.1 (???) /System/ Library/Frameworks/ApplicationServices.framework/Versions/A/ Frameworks/CoreText.framework/Versions/A/CoreText 0x90289000 - 0x9036dfff ATS /System/Library/Frameworks/ ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/ Versions/A/ATS 0x90396000 - 0x90757fff com.apple.CoreGraphics 1.258.38 (???) /System/ Library/Frameworks/ApplicationServices.framework/Versions/A/ Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics 0x907e6000 - 0x908bdfff com.apple.CoreFoundation 6.4.6 (368.27) / System/Library/Frameworks/CoreFoundation.framework/Versions/A/ CoreFoundation 0x90904000 - 0x90904fff com.apple.CoreServices 10.4 (???) /System/ Library/Frameworks/CoreServices.framework/Versions/A/CoreServices 0x90906000 - 0x90a0cfff libicucore.A.dylib /usr/lib/libicucore.A.dylib 0x90a5d000 - 0x90ae0fff libobjc.A.dylib /usr/lib/libobjc.A.dylib 0x90b09000 - 0x90b7bfff libstdc++.6.dylib /usr/lib/libstdc++.6.dylib 0x90bee000 - 0x90bf9fff libgcc_s.1.dylib /usr/lib/libgcc_s.1.dylib 0x90bfe000 - 0x90c73fff com.apple.framework.IOKit 1.4.6 (???) /System/ Library/Frameworks/IOKit.framework/Versions/A/IOKit 0x90c89000 - 0x90c9bfff libauto.dylib /usr/lib/libauto.dylib 0x90ca1000 - 0x90f6cfff com.apple.CoreServices.CarbonCore 682.15 / System/Library/Frameworks/CoreServices.framework/Versions/A/ Frameworks/CarbonCore.framework/Versions/A/CarbonCore 0x90fc9000 - 0x91042fff com.apple.CoreServices.OSServices 4.1 /System/ Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/ OSServices.framework/Versions/A/OSServices 0x91084000 - 0x910c5fff com.apple.CFNetwork 129.19 /System/Library/ Frameworks/CoreServices.framework/Versions/A/Frameworks/ CFNetwork.framework/Versions/A/CFNetwork 0x910d9000 - 0x910ecfff com.apple.WebServices 1.1.3 (1.1.0) /System/ Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/ WebServicesCore.framework/Versions/A/WebServicesCore 0x910f8000 - 0x9117efff com.apple.SearchKit 1.0.5 /System/Library/ Frameworks/CoreServices.framework/Versions/A/Frameworks/ SearchKit.framework/Versions/A/SearchKit 0x911b4000 - 0x911d4fff com.apple.Metadata 10.4.4 (121.36) /System/ Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/ Metadata.framework/Versions/A/Metadata 0x911e1000 - 0x911f0fff libz.1.dylib /usr/lib/libz.1.dylib 0x911f3000 - 0x913a8fff com.apple.security 4.5.2 (29774) /System/ Library/Frameworks/Security.framework/Versions/A/Security 0x914a5000 - 0x914aefff com.apple.DiskArbitration 2.1.1 /System/ Library/Frameworks/DiskArbitration.framework/Versions/A/DiskArbitration 0x914b5000 - 0x914ddfff com.apple.SystemConfiguration 1.8.6 /System/ Library/Frameworks/SystemConfiguration.framework/Versions/A/ SystemConfiguration 0x914ef000 - 0x914f7fff libbsm.dylib /usr/lib/libbsm.dylib 0x914fb000 - 0x91574fff com.apple.audio.CoreAudio 3.0.4 /System/ Library/Frameworks/CoreAudio.framework/Versions/A/CoreAudio 0x915be000 - 0x915befff com.apple.ApplicationServices 10.4 (???) / System/Library/Frameworks/ApplicationServices.framework/Versions/A/ ApplicationServices 0x915c0000 - 0x915f2fff com.apple.AE 314 (313) /System/Library/ Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ AE.framework/Versions/A/AE 0x91608000 - 0x916e5fff com.apple.ColorSync 4.4.8 /System/Library/ Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ ColorSync.framework/Versions/A/ColorSync 0x91724000 - 0x917a5fff com.apple.print.framework.PrintCore 4.6 (177.13) /System/Library/Frameworks/ApplicationServices.framework/ Versions/A/Frameworks/PrintCore.framework/Versions/A/PrintCore 0x917e2000 - 0x91894fff com.apple.QD 3.10.21 (???) /System/Library/ Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ QD.framework/Versions/A/QD 0x918c9000 - 0x9191ffff com.apple.HIServices 1.5.2 (???) /System/ Library/Frameworks/ApplicationServices.framework/Versions/A/ Frameworks/HIServices.framework/Versions/A/HIServices 0x91947000 - 0x91961fff com.apple.LangAnalysis 1.6.3 /System/Library/ Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ LangAnalysis.framework/Versions/A/LangAnalysis 0x9196f000 - 0x9198cfff com.apple.FindByContent 1.5 /System/Library/ Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ FindByContent.framework/Versions/A/FindByContent 0x91998000 - 0x919d4fff com.apple.LaunchServices 181 /System/Library/ Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ LaunchServices.framework/Versions/A/LaunchServices 0x919ec000 - 0x919fafff com.apple.speech.synthesis.framework 3.5 / System/Library/Frameworks/ApplicationServices.framework/Versions/A/ Frameworks/SpeechSynthesis.framework/Versions/A/SpeechSynthesis 0x91a02000 - 0x91a3dfff com.apple.ImageIO.framework 1.5.0 /System/ Library/Frameworks/ApplicationServices.framework/Versions/A/ Frameworks/ImageIO.framework/Versions/A/ImageIO 0x91a51000 - 0x91b14fff libcrypto.0.9.7.dylib /usr/lib/libcrypto. 0.9.7.dylib 0x91b5f000 - 0x91b74fff libcups.2.dylib /usr/lib/libcups.2.dylib 0x91b79000 - 0x91b99fff libJPEG.dylib /System/Library/Frameworks/ ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/ Versions/A/Resources/libJPEG.dylib 0x91b9e000 - 0x91bfdfff libJP2.dylib /System/Library/Frameworks/ ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/ Versions/A/Resources/libJP2.dylib 0x91c0f000 - 0x91c13fff libGIF.dylib /System/Library/Frameworks/ ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/ Versions/A/Resources/libGIF.dylib 0x91c15000 - 0x91c7bfff libRaw.dylib /System/Library/Frameworks/ ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/ Versions/A/Resources/libRaw.dylib 0x91c80000 - 0x91cc0fff libTIFF.dylib /System/Library/Frameworks/ ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/ Versions/A/Resources/libTIFF.dylib 0x91cc6000 - 0x91ce0fff libPng.dylib /System/Library/Frameworks/ ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/ Versions/A/Resources/libPng.dylib 0x91ce5000 - 0x91ce7fff libRadiance.dylib /System/Library/Frameworks/ ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/ Versions/A/Resources/libRadiance.dylib 0x91ce9000 - 0x91ce9fff com.apple.Accelerate 1.3.1 (Accelerate 1.3.1) /System/Library/Frameworks/Accelerate.framework/Versions/A/ Accelerate 0x91ceb000 - 0x91dd1fff com.apple.vImage 2.5 /System/Library/ Frameworks/Accelerate.framework/Versions/A/Frameworks/ vImage.framework/Versions/A/vImage 0x91dd9000 - 0x91df8fff com.apple.Accelerate.vecLib 3.3.1 (vecLib 3.3.1) /System/Library/Frameworks/Accelerate.framework/Versions/A/ Frameworks/vecLib.framework/Versions/A/vecLib 0x91e64000 - 0x91ef0fff libvMisc.dylib /System/Library/Frameworks/ Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/ A/libvMisc.dylib 0x91efc000 - 0x91f93fff libvDSP.dylib /System/Library/Frameworks/ Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/ A/libvDSP.dylib 0x91fac000 - 0x92559fff libBLAS.dylib /System/Library/Frameworks/ Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/ A/libBLAS.dylib 0x9258c000 - 0x928b7fff libLAPACK.dylib /System/Library/Frameworks/ Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/ A/libLAPACK.dylib 0x928e7000 - 0x9296dfff com.apple.DesktopServices 1.3.5 /System/ Library/PrivateFrameworks/DesktopServicesPriv.framework/Versions/A/ DesktopServicesPriv 0x929af000 - 0x92be3fff com.apple.Foundation 6.4.7 (567.28) /System/ Library/Frameworks/Foundation.framework/Versions/C/Foundation 0x92cf8000 - 0x92de6fff libxml2.2.dylib /usr/lib/libxml2.2.dylib 0x92e05000 - 0x92ef4fff libiconv.2.dylib /usr/lib/libiconv.2.dylib 0x92f05000 - 0x92f25fff libGL.dylib /System/Library/Frameworks/ OpenGL.framework/Versions/A/Libraries/libGL.dylib 0x92f30000 - 0x92f8cfff libGLU.dylib /System/Library/Frameworks/ OpenGL.framework/Versions/A/Libraries/libGLU.dylib 0x92fa2000 - 0x92fa2fff com.apple.Carbon 10.4 (???) /System/Library/ Frameworks/Carbon.framework/Versions/A/Carbon 0x92fa4000 - 0x92fb9fff com.apple.ImageCapture 3.0.4 /System/Library/ Frameworks/Carbon.framework/Versions/A/Frameworks/ ImageCapture.framework/Versions/A/ImageCapture 0x92fca000 - 0x92fd5fff com.apple.speech.recognition.framework 3.6 / System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/ SpeechRecognition.framework/Versions/A/SpeechRecognition 0x92fdd000 - 0x92fe5fff com.apple.securityhi 2.0.1 (24742) /System/ Library/Frameworks/Carbon.framework/Versions/A/Frameworks/ SecurityHI.framework/Versions/A/SecurityHI 0x92fec000 - 0x93076fff com.apple.ink.framework 101.2.1 (71) /System/ Library/Frameworks/Carbon.framework/Versions/A/Frameworks/ Ink.framework/Versions/A/Ink 0x9308b000 - 0x9308ffff com.apple.help 1.0.3 (32.1) /System/Library/ Frameworks/Carbon.framework/Versions/A/Frameworks/Help.framework/ Versions/A/Help 0x93093000 - 0x930b5fff com.apple.openscripting 1.2.5 (???) /System/ Library/Frameworks/Carbon.framework/Versions/A/Frameworks/ OpenScripting.framework/Versions/A/OpenScripting 0x930c9000 - 0x930d1fff com.apple.print.framework.Print 5.2 (192.4) / System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/ Print.framework/Versions/A/Print 0x930d8000 - 0x9313ffff com.apple.htmlrendering 66.1 (1.1.3) /System/ Library/Frameworks/Carbon.framework/Versions/A/Frameworks/ HTMLRendering.framework/Versions/A/HTMLRendering 0x93165000 - 0x931adfff com.apple.NavigationServices 3.4.4 (3.4.3) / System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/ NavigationServices.framework/Versions/A/NavigationServices 0x931d7000 - 0x931e7fff com.apple.audio.SoundManager 3.9.1 /System/ Library/Frameworks/Carbon.framework/Versions/A/Frameworks/ CarbonSound.framework/Versions/A/CarbonSound 0x931f0000 - 0x931f6fff com.apple.CommonPanels 1.2.3 (73) /System/ Library/Frameworks/Carbon.framework/Versions/A/Frameworks/ CommonPanels.framework/Versions/A/CommonPanels 0x931fc000 - 0x93522fff com.apple.HIToolbox 1.4.8 (???) /System/ Library/Frameworks/Carbon.framework/Versions/A/Frameworks/ HIToolbox.framework/Versions/A/HIToolbox 0x93657000 - 0x93664fff com.apple.opengl 1.4.12 /System/Library/ Frameworks/OpenGL.framework/Versions/A/OpenGL 0x936f0000 - 0x936f0fff com.apple.Cocoa 6.4 (???) /System/Library/ Frameworks/Cocoa.framework/Versions/A/Cocoa 0x936f2000 - 0x93d60fff com.apple.AppKit 6.4.8 (824.42) /System/ Library/Frameworks/AppKit.framework/Versions/C/AppKit 0x940e8000 - 0x9415bfff com.apple.CoreData 90 /System/Library/ Frameworks/CoreData.framework/Versions/A/CoreData 0x94194000 - 0x94253fff com.apple.audio.toolbox.AudioToolbox 1.4.3 / System/Library/Frameworks/AudioToolbox.framework/Versions/A/AudioToolbox 0x94296000 - 0x94296fff com.apple.audio.units.AudioUnit 1.4.2 /System/ Library/Frameworks/AudioUnit.framework/Versions/A/AudioUnit 0x94298000 - 0x94461fff com.apple.QuartzCore 1.4.9 /System/Library/ Frameworks/QuartzCore.framework/Versions/A/QuartzCore 0x944b5000 - 0x944f5fff libsqlite3.0.dylib /usr/lib/libsqlite3.0.dylib 0x944fd000 - 0x94541fff libGLImage.dylib /System/Library/Frameworks/ OpenGL.framework/Versions/A/Libraries/libGLImage.dylib 0x94768000 - 0x94a37fff com.apple.QuickTime 7.1.3 /System/Library/ Frameworks/QuickTime.framework/Versions/A/QuickTime 0x94afa000 - 0x94b1cfff libmx.A.dylib /usr/lib/libmx.A.dylib 0x9563a000 - 0x956cafff com.apple.WebKit 418.9.1 /System/Library/ Frameworks/WebKit.framework/Versions/A/WebKit 0x95726000 - 0x957b3fff com.apple.JavaScriptCore 418.3 /System/ Library/Frameworks/WebKit.framework/Versions/A/Frameworks/ JavaScriptCore.framework/Versions/A/JavaScriptCore 0x957ed000 - 0x95aebfff com.apple.WebCore 418.21 /System/Library/ Frameworks/WebKit.framework/Versions/A/Frameworks/WebCore.framework/ Versions/A/WebCore 0x95c78000 - 0x95ca0fff libxslt.1.dylib /usr/lib/libxslt.1.dylib 0x9b84b000 - 0x9b84dfff Interposers.dylib /usr/libexec/oah/Shims/ Interposers.dylib 0xb8000000 - 0xb82d9fff OTR Proxy /Applications/OTR Proxy.app/ Contents/MacOS/OTR Proxy Translated Code Information: Rosetta Version: 17.15 Args: /Applications/OTR Proxy.app/Contents/MacOS/OTR Proxy - psn_0_1572865 Exception: EXC_BAD_ACCESS (0x0001) Thread 0: Crashed (0xb7fffa00, 0xb80b512c) 0x001fb5c0: /Applications/OTR Proxy.app/Contents/MacOS/OTR Proxy : __ZN46wxEncodingNameCache_wxImplementation_HashTable16GetBucketForNodeEP S_PNS_4NodeE + 0x11c 0x000e52c4: /Applications/OTR Proxy.app/Contents/MacOS/OTR Proxy : __mh_execute_header + 0xe42c4 0x00066584: /Applications/OTR Proxy.app/Contents/MacOS/OTR Proxy : __mh_execute_header + 0x65584 0x000fec44: /Applications/OTR Proxy.app/Contents/MacOS/OTR Proxy : __mh_execute_header + 0xfdc44 0x0007fa88: /Applications/OTR Proxy.app/Contents/MacOS/OTR Proxy : __mh_execute_header + 0x7ea88 0x0005cb4c: /Applications/OTR Proxy.app/Contents/MacOS/OTR Proxy : __mh_execute_header + 0x5bb4c 0x0005cd5c: /Applications/OTR Proxy.app/Contents/MacOS/OTR Proxy : __mh_execute_header + 0x5bd5c 0x00003254: /Applications/OTR Proxy.app/Contents/MacOS/OTR Proxy : __mh_execute_header + 0x2254 0x00002a1c: /Applications/OTR Proxy.app/Contents/MacOS/OTR Proxy : __mh_execute_header + 0x1a1c 0x000028c0: /Applications/OTR Proxy.app/Contents/MacOS/OTR Proxy : __mh_execute_header + 0x18c0 0x02000000: No symbol PPC Thread State srr0: 0x00000000 srr1: 0x00000000 vrsave: 0x00000000 cr: 0xXXXXXXXX xer: 0x00000000 lr: 0x001fb5c0 ctr: 0x900015a8 r00: 0x8fc14d58 r01: 0xbffff690 r02: 0x00000000 r03: 0xffffddbe r04: 0x0061a4d0 r05: 0x00000010 r06: 0x00622dd1 r07: 0x00000005 r08: 0x00000001 r09: 0x0026d020 r10: 0xa00068c0 r11: 0xa0ca2270 r12: 0x900015a8 r13: 0x00000000 r14: 0x00000000 r15: 0x00000000 r16: 0x00000000 r17: 0x00000000 r18: 0x00000000 r19: 0x00000000 r20: 0xbffff7b8 r21: 0x0061a50a r22: 0x0061a4fc r23: 0xbffff818 r24: 0x006227a0 r25: 0x0061a490 r26: 0x00000000 r27: 0x0061a4fc r28: 0x00000020 r29: 0x00000040 r30: 0x00622d80 r31: 0x001fb530 From paul at cypherpunks.ca Tue Jan 16 19:54:52 2007 From: paul at cypherpunks.ca (Paul Wouters) Date: Wed, 17 Jan 2007 01:54:52 +0100 (CET) Subject: [OTR-users] Console client with support for OTR? In-Reply-To: References: Message-ID: On Sun, 14 Jan 2007, Laff O'Dil wrote: > Is anybody aware of a console client that has support for OTR? Ideally, I > would like to "screen" a client on a Linux/BSD shell and stay connected 24/7. In theory beetlebree with otrproxy should work. In practice, I did not get it to work. > I know Gaim has a CLI client in their 2.0 beta releases, but I have not seen > an OTR plugin for it yet. I imagine it would not be that hard to port OTR to > it as all that will be required is a UI for it. gaim-otr hasnt been ported to the gaim-tui (text ui) yet. Paul From tmcmahon2 at yahoo.com Fri Jan 19 14:25:39 2007 From: tmcmahon2 at yahoo.com (Torrey McMahon) Date: Fri, 19 Jan 2007 14:25:39 -0500 Subject: [OTR-users] Gaim 2b6 and OTR Breakage Message-ID: <45B11B33.6070201@yahoo.com> Howdy. Just installed gaim 2b6 on my windows xp box. Two things seem to be broken ala OTR 1) The protocol name for AOL has changed from prpl-oscar to prpl-aim. The account prefs get changed but the otr key file doesn't. All you have to do is edit the string to say prpl-aim instead of prpl-oscar and all is well. 2) This is worse: The OTR icon has disappeared. This makes it impossible to verify new fingerprints, end conversations, etc. (Unless there is a menu for this I can't find.) From bdm at fenrir.org.uk Fri Jan 19 15:50:37 2007 From: bdm at fenrir.org.uk (Brian Morrison) Date: Fri, 19 Jan 2007 20:50:37 +0000 Subject: [OTR-users] Gaim 2b6 and OTR Breakage In-Reply-To: <45B11B33.6070201@yahoo.com> References: <45B11B33.6070201@yahoo.com> Message-ID: <20070119205037.5e9a5985@peterson.fenrir.org.uk> On Fri, 19 Jan 2007 14:25:39 -0500 Torrey McMahon wrote: > Howdy. > > Just installed gaim 2b6 on my windows xp box. Two things seem to be > broken ala OTR > > 1) The protocol name for AOL has changed from prpl-oscar to prpl-aim. > The account prefs get changed but the otr key file doesn't. All you have > to do is edit the string to say prpl-aim instead of prpl-oscar and all > is well. > > 2) This is worse: The OTR icon has disappeared. This makes it impossible > to verify new fingerprints, end conversations, etc. (Unless there is a > menu for this I can't find.) Amazing, they've managed to break the API *again* within a beta series. Makes you wonder what they've done *this* time.... -- Brian Morrison "Arguing with an engineer is like wrestling with a pig in the mud; after a while you realize you are muddy and the pig is enjoying it." From tmcmahon2 at yahoo.com Fri Jan 19 16:07:20 2007 From: tmcmahon2 at yahoo.com (Torrey McMahon) Date: Fri, 19 Jan 2007 16:07:20 -0500 Subject: [OTR-users] Gaim 2b6 and OTR Breakage In-Reply-To: <20070119205037.5e9a5985@peterson.fenrir.org.uk> References: <45B11B33.6070201@yahoo.com> <20070119205037.5e9a5985@peterson.fenrir.org.uk> Message-ID: <45B13308.9030402@yahoo.com> Brian Morrison wrote: > On Fri, 19 Jan 2007 14:25:39 -0500 > Torrey McMahon wrote: > > >> Howdy. >> >> Just installed gaim 2b6 on my windows xp box. Two things seem to be >> broken ala OTR >> >> 1) The protocol name for AOL has changed from prpl-oscar to prpl-aim. >> The account prefs get changed but the otr key file doesn't. All you have >> to do is edit the string to say prpl-aim instead of prpl-oscar and all >> is well. >> >> 2) This is worse: The OTR icon has disappeared. This makes it impossible >> to verify new fingerprints, end conversations, etc. (Unless there is a >> menu for this I can't find.) >> > > Amazing, they've managed to break the API *again* within a beta series. > > Makes you wonder what they've done *this* time.... I've made suggestions to the gaim folks along the lines of what alpha and beta should be but ... no luck. From bdm at fenrir.org.uk Wed Jan 24 11:56:33 2007 From: bdm at fenrir.org.uk (Brian Morrison) Date: Wed, 24 Jan 2007 16:56:33 +0000 Subject: [OTR-users] Gaim 2b6 and OTR Breakage In-Reply-To: <45B13308.9030402@yahoo.com> References: <45B11B33.6070201@yahoo.com> <20070119205037.5e9a5985@peterson.fenrir.org.uk> <45B13308.9030402@yahoo.com> Message-ID: <45B78FC1.7040508@fenrir.org.uk> Torrey McMahon wrote: >>> 2) This is worse: The OTR icon has disappeared. This makes it >>> impossible to verify new fingerprints, end conversations, etc. >>> (Unless there is a menu for this I can't find.) >>> >> >> Amazing, they've managed to break the API *again* within a beta series. >> >> Makes you wonder what they've done *this* time.... > > I've made suggestions to the gaim folks along the lines of what alpha > and beta should be but ... no luck. OK, now the question is, can anyone here manage to recompile the OTR plugin for Gaim Win32 beta 6 ? -- Brian Morrison bdm at fenrir.org.uk From pcarrier at MIT.EDU Wed Jan 24 13:54:31 2007 From: pcarrier at MIT.EDU (Peter E. Carrier) Date: Wed, 24 Jan 2007 13:54:31 -0500 Subject: [OTR-users] OTR and CHAT question Message-ID: <007d01c73fe9$1591b930$c0075e12@SuttonCross> Hi, A bunch of us here at MIT are using OTR with jabber and various mac/windows clients, mostly gaim on windows and whatever that mac osx client is called ;). My work group likes to open a chat session for all of us at once. Is there a way to turn on OTR for the chat room? Peter ______________________________________ Peter E. Carrier Central Print Services Team Virtual Machine Systems Services Team Operations and Infrastructure Services Information Services and Technology Massachusetts Institute of Technology pcarrier at mit.edu (617) 253-6252 _______________________________________ From marti at juffo.org Wed Jan 24 14:38:08 2007 From: marti at juffo.org (Marti) Date: Wed, 24 Jan 2007 21:38:08 +0200 Subject: [OTR-users] OTR and CHAT question In-Reply-To: <007d01c73fe9$1591b930$c0075e12@SuttonCross> References: <007d01c73fe9$1591b930$c0075e12@SuttonCross> Message-ID: <2a12af650701241138i56b38df6qd8ffca69d18064a0@mail.gmail.com> On 1/24/07, Peter E. Carrier wrote: > Is > there a way to turn on OTR for the chat room? Unfortunately, not. The OTR protocol does not support multi-user chat at this point. Marti From bdm at fenrir.org.uk Wed Jan 24 14:52:59 2007 From: bdm at fenrir.org.uk (Brian Morrison) Date: Wed, 24 Jan 2007 19:52:59 +0000 Subject: [OTR-users] OTR and CHAT question In-Reply-To: <2a12af650701241138i56b38df6qd8ffca69d18064a0@mail.gmail.com> References: <007d01c73fe9$1591b930$c0075e12@SuttonCross> <2a12af650701241138i56b38df6qd8ffca69d18064a0@mail.gmail.com> Message-ID: <20070124195259.0b0eb408@peterson.fenrir.org.uk> On Wed, 24 Jan 2007 21:38:08 +0200 Marti wrote: > On 1/24/07, Peter E. Carrier wrote: > > Is > > there a way to turn on OTR for the chat room? > > Unfortunately, not. The OTR protocol does not support multi-user chat > at this point. This came from a posting to this list by Ian Goldberg on January 7th (I've trimmed out the first part for brevity): On Sun, Jan 07, 2007 at 03:27:06PM -0500, Mark G. Spencer wrote: > On a somewhat related note - I really like the OTR philosophy and was > wondering if anyone was working on extending OTR to the > chatroom/conference functionality of the IM clients and networks? > Basically, to replicate a "private" conversation amongst a number of > people in a secure room. (At least private in the sense that all the > participants can feel comfortable their chat is secure in-transit, > they have repudiation, etc.) That's one of the stated future directions of OTR. Probably not this term, though. One of the tricky bits is determining exactly what you mean by "deniable authentication" in a group context. During the conversation, should Bob be able to tell that this message came from Alice, and not from Charlie, or just that someone in the chatroom sent it? After the conversation, of course, we'd like complete deniability and forgeability. - Ian -- Brian Morrison "Arguing with an engineer is like wrestling with a pig in the mud; after a while you realize you are muddy and the pig is enjoying it." From sujiannming at gmail.com Wed Jan 24 15:33:49 2007 From: sujiannming at gmail.com (Jiann-Ming Su) Date: Wed, 24 Jan 2007 15:33:49 -0500 Subject: [OTR-users] OTR and CHAT question In-Reply-To: <007d01c73fe9$1591b930$c0075e12@SuttonCross> References: <007d01c73fe9$1591b930$c0075e12@SuttonCross> Message-ID: <561dc3260701241233j7b9890bfi23dd795aa9dd9db6@mail.gmail.com> On 1/24/07, Peter E. Carrier wrote: > Hi, > > A bunch of us here at MIT are using OTR with jabber and various mac/windows > clients, mostly gaim on windows and whatever that mac osx client is called > ;). My work group likes to open a chat session for all of us at once. Is > there a way to turn on OTR for the chat room? > If your jabber server supports client-to-server encryption, then the jabber chats should also be encrypted. In fact, using OTR with encrypted jabber IM sessions isn't completely necessary. Doesn't hurt, though. -- Jiann-Ming Su "I have to decide between two equally frightening options. If I wanted to do that, I'd vote." --Duckman "The system's broke, Hank. The election baby has peed in the bath water. You got to throw 'em both out." --Dale Gribble From ian at cypherpunks.ca Wed Jan 24 17:50:13 2007 From: ian at cypherpunks.ca (Ian Goldberg) Date: Wed, 24 Jan 2007 17:50:13 -0500 Subject: [OTR-users] Gaim 2b6 and OTR Breakage In-Reply-To: <45B78FC1.7040508@fenrir.org.uk> References: <45B11B33.6070201@yahoo.com> <20070119205037.5e9a5985@peterson.fenrir.org.uk> <45B13308.9030402@yahoo.com> <45B78FC1.7040508@fenrir.org.uk> Message-ID: <20070124225013.GQ16711@yoink.cs.uwaterloo.ca> On Wed, Jan 24, 2007 at 04:56:33PM +0000, Brian Morrison wrote: > Torrey McMahon wrote: > > >>> 2) This is worse: The OTR icon has disappeared. This makes it > >>> impossible to verify new fingerprints, end conversations, etc. > >>> (Unless there is a menu for this I can't find.) > >>> > >> > >> Amazing, they've managed to break the API *again* within a beta series. > >> > >> Makes you wonder what they've done *this* time.... > > > > I've made suggestions to the gaim folks along the lines of what alpha > > and beta should be but ... no luck. > > OK, now the question is, can anyone here manage to recompile the OTR > plugin for Gaim Win32 beta 6 ? I haven't had a chance to look into it yet, but from the description of the problem, it seems that some serious re-coding will need to be done in order to put the OTR menu somewhere accessible (like in the menu bar, say). It's not a matter of simply recompiling. - Ian From ian at cypherpunks.ca Wed Jan 24 17:52:14 2007 From: ian at cypherpunks.ca (Ian Goldberg) Date: Wed, 24 Jan 2007 17:52:14 -0500 Subject: [OTR-users] OTR and CHAT question In-Reply-To: <561dc3260701241233j7b9890bfi23dd795aa9dd9db6@mail.gmail.com> References: <007d01c73fe9$1591b930$c0075e12@SuttonCross> <561dc3260701241233j7b9890bfi23dd795aa9dd9db6@mail.gmail.com> Message-ID: <20070124225214.GR16711@yoink.cs.uwaterloo.ca> On Wed, Jan 24, 2007 at 03:33:49PM -0500, Jiann-Ming Su wrote: > If your jabber server supports client-to-server encryption, then the > jabber chats should also be encrypted. In fact, using OTR with > encrypted jabber IM sessions isn't completely necessary. Doesn't > hurt, though. That's only true if you run your own Jabber server that everyone trusts. Client-to-server encryption doesn't help if someone else runs the server itself and can read/modify the messages there. - Ian From tmcmahon2 at yahoo.com Wed Jan 24 18:01:05 2007 From: tmcmahon2 at yahoo.com (Torrey McMahon) Date: Wed, 24 Jan 2007 18:01:05 -0500 Subject: [OTR-users] Gaim 2b6 and OTR Breakage In-Reply-To: <20070124225013.GQ16711@yoink.cs.uwaterloo.ca> References: <45B11B33.6070201@yahoo.com> <20070119205037.5e9a5985@peterson.fenrir.org.uk> <45B13308.9030402@yahoo.com> <45B78FC1.7040508@fenrir.org.uk> <20070124225013.GQ16711@yoink.cs.uwaterloo.ca> Message-ID: <45B7E531.2060003@yahoo.com> Ian Goldberg wrote: > On Wed, Jan 24, 2007 at 04:56:33PM +0000, Brian Morrison wrote: > >> Torrey McMahon wrote: >> >> >>>>> 2) This is worse: The OTR icon has disappeared. This makes it >>>>> impossible to verify new fingerprints, end conversations, etc. >>>>> (Unless there is a menu for this I can't find.) >>>>> >>>>> >>>> Amazing, they've managed to break the API *again* within a beta series. >>>> >>>> Makes you wonder what they've done *this* time.... >>>> >>> I've made suggestions to the gaim folks along the lines of what alpha >>> and beta should be but ... no luck. >>> >> OK, now the question is, can anyone here manage to recompile the OTR >> plugin for Gaim Win32 beta 6 ? >> > > I haven't had a chance to look into it yet, but from the description of > the problem, it seems that some serious re-coding will need to be done > in order to put the OTR menu somewhere accessible (like in the menu bar, > say). It's not a matter of simply recompiling. A menu option is a good idea down the road. Getting the icon back where it was is the immediate need. From ian at cypherpunks.ca Wed Jan 24 18:07:44 2007 From: ian at cypherpunks.ca (Ian Goldberg) Date: Wed, 24 Jan 2007 18:07:44 -0500 Subject: [OTR-users] Gaim 2b6 and OTR Breakage In-Reply-To: <45B7E531.2060003@yahoo.com> References: <45B11B33.6070201@yahoo.com> <20070119205037.5e9a5985@peterson.fenrir.org.uk> <45B13308.9030402@yahoo.com> <45B78FC1.7040508@fenrir.org.uk> <20070124225013.GQ16711@yoink.cs.uwaterloo.ca> <45B7E531.2060003@yahoo.com> Message-ID: <20070124230744.GS16711@yoink.cs.uwaterloo.ca> On Wed, Jan 24, 2007 at 06:01:05PM -0500, Torrey McMahon wrote: > >I haven't had a chance to look into it yet, but from the description of > >the problem, it seems that some serious re-coding will need to be done > >in order to put the OTR menu somewhere accessible (like in the menu bar, > >say). It's not a matter of simply recompiling. > > A menu option is a good idea down the road. Getting the icon back where > it was is the immediate need. Good idea. Can anyone take a look at what changed in b6 and make a patch? I'm swamped until the 5th, but I could probably build the new version if someone sent in a patch. - Ian From gdt at ir.bbn.com Thu Jan 25 09:59:01 2007 From: gdt at ir.bbn.com (Greg Troxel) Date: Thu, 25 Jan 2007 09:59:01 -0500 Subject: [OTR-users] OTR and CHAT question In-Reply-To: <20070124225214.GR16711@yoink.cs.uwaterloo.ca> (Ian Goldberg's message of "Wed\, 24 Jan 2007 17\:52\:14 -0500") References: <007d01c73fe9$1591b930$c0075e12@SuttonCross> <561dc3260701241233j7b9890bfi23dd795aa9dd9db6@mail.gmail.com> <20070124225214.GR16711@yoink.cs.uwaterloo.ca> Message-ID: Ian Goldberg writes: > On Wed, Jan 24, 2007 at 03:33:49PM -0500, Jiann-Ming Su wrote: >> If your jabber server supports client-to-server encryption, then the >> jabber chats should also be encrypted. In fact, using OTR with >> encrypted jabber IM sessions isn't completely necessary. Doesn't >> hurt, though. > > That's only true if you run your own Jabber server that everyone trusts. > Client-to-server encryption doesn't help if someone else runs the server > itself and can read/modify the messages there. > > - Ian Also, c2s encryption doesn't provide deniability and does not necessarily provide PFS.... Further, "necessary" is an individual judgement (which should be) based on threat models and costs, and it therefore doesn't make any sense at all to make general statements about what is necessary. I use OTR even though I run my own jabber servers and use TLS to it, and transport-mode IPsec between servers. You might choose to as well if you noticed the black helicopters that follow you around :-) -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 185 bytes Desc: not available URL: From bdm at fenrir.org.uk Thu Jan 25 14:56:50 2007 From: bdm at fenrir.org.uk (Brian Morrison) Date: Thu, 25 Jan 2007 19:56:50 +0000 Subject: [OTR-users] OTR and CHAT question In-Reply-To: References: <007d01c73fe9$1591b930$c0075e12@SuttonCross> <561dc3260701241233j7b9890bfi23dd795aa9dd9db6@mail.gmail.com> <20070124225214.GR16711@yoink.cs.uwaterloo.ca> Message-ID: <20070125195650.5d176b16@peterson.fenrir.org.uk> On Thu, 25 Jan 2007 09:59:01 -0500 Greg Troxel wrote: > You might choose to as well if you noticed the black helicopters > that follow you around :-) Damn! Is it just me, or are there a lot more of those things around than there used to be? -- Brian Morrison "Arguing with an engineer is like wrestling with a pig in the mud; after a while you realize you are muddy and the pig is enjoying it." From sujiannming at gmail.com Thu Jan 25 16:21:43 2007 From: sujiannming at gmail.com (Jiann-Ming Su) Date: Thu, 25 Jan 2007 16:21:43 -0500 Subject: [OTR-users] OTR and CHAT question In-Reply-To: References: <007d01c73fe9$1591b930$c0075e12@SuttonCross> <561dc3260701241233j7b9890bfi23dd795aa9dd9db6@mail.gmail.com> <20070124225214.GR16711@yoink.cs.uwaterloo.ca> Message-ID: <561dc3260701251321i42de3505qf1cb08ef4de4c9e2@mail.gmail.com> On 1/25/07, Greg Troxel wrote: > > > Also, c2s encryption doesn't provide deniability and does not > necessarily provide PFS.... > > Further, "necessary" is an individual judgement (which should be) > based on threat models and costs, and it therefore doesn't make any > sense at all to make general statements about what is necessary. > > I use OTR even though I run my own jabber servers and use TLS to it, > and transport-mode IPsec between servers. You might choose to as well > if you noticed the black helicopters that follow you around :-) > How do you protect the OTR keys from unauthorized use? When I initiate an OTR chat now, I'm not asked for any authentication from the private keys. What happens if a trusted user's laptop gets stolen, or his workstation gets compromised? Can't the intruder/untrusted user start a trusted/verfied OTR chat session? -- Jiann-Ming Su "I have to decide between two equally frightening options. If I wanted to do that, I'd vote." --Duckman "The system's broke, Hank. The election baby has peed in the bath water. You got to throw 'em both out." --Dale Gribble From spencerforhire at gmail.com Fri Jan 26 11:32:49 2007 From: spencerforhire at gmail.com (Mark G. Spencer) Date: Fri, 26 Jan 2007 11:32:49 -0500 Subject: [OTR-users] Long Yahoo! IMs cause problem w/ Gaim/OTR? In-Reply-To: <20070107205950.GJ16711@yoink.cs.uwaterloo.ca> References: <20070107205950.GJ16711@yoink.cs.uwaterloo.ca> Message-ID: Hi Ian, Do you know what the IM character limit for OTR is? Or is the problem actually with the Gaim plugin not OTR itself? I'm wondering if we use Adium X instead if we can avoid the infinite loop of errors that happens when an IM that is too long is sent. Lately it has been happening a lot where my coworkers will copy and paste something into their Gaim (OTR and Yahoo!) and we end up having to close Gaim on both sides of the conversation. On 1/7/07, Ian Goldberg wrote: > On Sun, Jan 07, 2007 at 03:27:06PM -0500, Mark G. Spencer wrote: > > I've been testing the OTR plugin for Gaim and have noticed that > > sending long Yahoo! IMs causes a problem with OTR. I get a flurry of > > errors and retransmissions - I think the last time I sent a long IM it > > seemed like I was in an infinite loop of errors and retransmissions, > > so I killed the Gaim process. > > There's someone who will be working on OTR this term, and fragmentation > support should be one of his first tasks. So watch for a fix. :-) > > > On a somewhat related note - I really like the OTR philosophy and was > > wondering if anyone was working on extending OTR to the > > chatroom/conference functionality of the IM clients and networks? > > Basically, to replicate a "private" conversation amongst a number of > > people in a secure room. (At least private in the sense that all the > > participants can feel comfortable their chat is secure in-transit, > > they have repudiation, etc.) > > That's one of the stated future directions of OTR. Probably not this > term, though. One of the tricky bits is determining exactly what > you mean by "deniable authentication" in a group context. During the > conversation, should Bob be able to tell that this message came from > Alice, and not from Charlie, or just that someone in the chatroom sent > it? After the conversation, of course, we'd like complete deniability > and forgeability. > > - Ian > _______________________________________________ > OTR-users mailing list > OTR-users at lists.cypherpunks.ca > http://lists.cypherpunks.ca/mailman/listinfo/otr-users > From rthompson at ati-security.net Fri Jan 26 16:00:46 2007 From: rthompson at ati-security.net (Robert A. Thompson) Date: Fri, 26 Jan 2007 11:00:46 -1000 Subject: [OTR-users] Gaim Beta 6 changes the AIM protocol from prpl-oscar to prpl-aim Message-ID: <45BA6BFE.8080503@ati-security.net> Hey guys, Looks like the latest beta of gaim (2b6) changed some things again. Although I am not able to patch/recompile otr for gaim, I do want to let you know I discovered that the protocol name(s) (at least) changed for AIM services. As OTR relies on protocol name and username to match fingerprints, I had to do the following: In windows, I went to my profile directory \Application Data\.gaim\. From there I did a string replace in otr.fingerprints and otr.private_key to replace prpl-oscar with prpl-aim. This in turn updated OTR to know that i already had fingerprints for the accounts/protocols i use most often. Although OTR doesn't work 100% (missing buttons, for example) it seems to establish private sessions with other OTR users I interact with in gaim 2 beta 6. - Rob From paul at cypherpunks.ca Fri Jan 26 16:49:01 2007 From: paul at cypherpunks.ca (Paul Wouters) Date: Fri, 26 Jan 2007 22:49:01 +0100 (CET) Subject: [OTR-users] OTR and CHAT question In-Reply-To: <561dc3260701251321i42de3505qf1cb08ef4de4c9e2@mail.gmail.com> References: <007d01c73fe9$1591b930$c0075e12@SuttonCross> <561dc3260701241233j7b9890bfi23dd795aa9dd9db6@mail.gmail.com> <20070124225214.GR16711@yoink.cs.uwaterloo.ca> <561dc3260701251321i42de3505qf1cb08ef4de4c9e2@mail.gmail.com> Message-ID: On Thu, 25 Jan 2007, Jiann-Ming Su wrote: > How do you protect the OTR keys from unauthorized use? When I > initiate an OTR chat now, I'm not asked for any authentication from > the private keys. What happens if a trusted user's laptop gets > stolen, or his workstation gets compromised? Can't the > intruder/untrusted user start a trusted/verfied OTR chat session? Yes. One could add a passphrase to encrypt/decrypt those files at startup, giving the victim some more time to tell their friends about ditching the keys. Paul From rbrt_ryn at yahoo.com Fri Jan 26 17:23:27 2007 From: rbrt_ryn at yahoo.com (Robert Ryan) Date: Fri, 26 Jan 2007 15:23:27 -0700 Subject: [OTR-users] OTR and CHAT question In-Reply-To: <561dc3260701251321i42de3505qf1cb08ef4de4c9e2@mail.gmail.com> References: <007d01c73fe9$1591b930$c0075e12@SuttonCross> <561dc3260701241233j7b9890bfi23dd795aa9dd9db6@mail.gmail.com> <20070124225214.GR16711@yoink.cs.uwaterloo.ca> <561dc3260701251321i42de3505qf1cb08ef4de4c9e2@mail.gmail.com> Message-ID: <45BA7F5F.4040305@yahoo.com> Jiann-Ming Su wrote: > How do you protect the OTR keys from unauthorized use? When I > initiate an OTR chat now, I'm not asked for any authentication from > the private keys. What happens if a trusted user's laptop gets > stolen, or his workstation gets compromised? Can't the > intruder/untrusted user start a trusted/verfied OTR chat session? The lack of any authentication and the lack of web of trust for OTR keys are the main downfalls of the whole system. You need a separate system to address these problems. You could use PGP to send the session ID to your contact via signed, encrypted email. That way you could use PGP's authentication and web of trust. This wouldn't be very convenient for a group chat. Alternatively, you could send a signed message via OTR. That way everyone in the chat would get it. If they can verify your signature (and they trust your key) they will know it is you. -- Robert Ryan Thunderbird + Enigmail + GnuPG Gaim + OTR From rbrt_ryn at yahoo.com Fri Jan 26 17:36:15 2007 From: rbrt_ryn at yahoo.com (Robert Ryan) Date: Fri, 26 Jan 2007 15:36:15 -0700 Subject: [OTR-users] OTR and CHAT question In-Reply-To: References: <007d01c73fe9$1591b930$c0075e12@SuttonCross> <561dc3260701241233j7b9890bfi23dd795aa9dd9db6@mail.gmail.com> <20070124225214.GR16711@yoink.cs.uwaterloo.ca> <561dc3260701251321i42de3505qf1cb08ef4de4c9e2@mail.gmail.com> Message-ID: <45BA825F.30805@yahoo.com> Paul Wouters wrote: > On Thu, 25 Jan 2007, Jiann-Ming Su wrote: >> Can't the intruder/untrusted user start a trusted/verfied OTR chat >> session? > > Yes. One could add a passphrase to encrypt/decrypt those files at > startup, giving the victim some more time to tell their friends about > ditching the keys. The trouble is that there is no way to officially revoke those keys. So unless you can meet all of your OTR contacts face to face they will have no idea which keys are really yours. Again, PGP is probably the best way to solve this provided your contacts trust your PGP key. -- Robert Ryan Thunderbird + Enigmail + GnuPG Gaim + OTR From alex323 at gmail.com Fri Jan 26 17:42:16 2007 From: alex323 at gmail.com (Alex) Date: Fri, 26 Jan 2007 17:42:16 -0500 Subject: [OTR-users] OTR and CHAT question In-Reply-To: <45BA7F5F.4040305@yahoo.com> References: <007d01c73fe9$1591b930$c0075e12@SuttonCross> <561dc3260701241233j7b9890bfi23dd795aa9dd9db6@mail.gmail.com> <20070124225214.GR16711@yoink.cs.uwaterloo.ca> <561dc3260701251321i42de3505qf1cb08ef4de4c9e2@mail.gmail.com> <45BA7F5F.4040305@yahoo.com> Message-ID: <20070126174216.6ddd2361@localhost> On Fri, 26 Jan 2007 15:23:27 -0700 Robert Ryan wrote: > Jiann-Ming Su wrote: > > How do you protect the OTR keys from unauthorized use? When I > > initiate an OTR chat now, I'm not asked for any authentication from > > the private keys. What happens if a trusted user's laptop gets > > stolen, or his workstation gets compromised? Can't the > > intruder/untrusted user start a trusted/verfied OTR chat session? > > The lack of any authentication and the lack of web of trust for OTR > keys are the main downfalls of the whole system. You need a separate > system to address these problems. I think what he meant was that the user should have to decrypt the private key in order to start a chat. I dislike webs of trust because they become entangled and chaotic (revocation certificates, and all that other garbage). However I do think that an encrypted private key would be a step in the right direction to protect against stolen laptops. -- Alex -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 827 bytes Desc: not available URL: From marti at juffo.org Fri Jan 26 17:51:05 2007 From: marti at juffo.org (Marti) Date: Sat, 27 Jan 2007 00:51:05 +0200 Subject: [OTR-users] OTR and CHAT question In-Reply-To: <20070126174216.6ddd2361@localhost> References: <007d01c73fe9$1591b930$c0075e12@SuttonCross> <561dc3260701241233j7b9890bfi23dd795aa9dd9db6@mail.gmail.com> <20070124225214.GR16711@yoink.cs.uwaterloo.ca> <561dc3260701251321i42de3505qf1cb08ef4de4c9e2@mail.gmail.com> <45BA7F5F.4040305@yahoo.com> <20070126174216.6ddd2361@localhost> Message-ID: <2a12af650701261451t182c7760q705d63e9e3e97e58@mail.gmail.com> On 1/27/07, Alex wrote: > However I do think that an encrypted private > key would be a step in the right direction to protect against stolen > laptops. A laptop is likely to contain other important information as well. I would rather opt for (full) disk encryption. -- Marti From rbrt_ryn at yahoo.com Fri Jan 26 18:05:17 2007 From: rbrt_ryn at yahoo.com (Robert Ryan) Date: Fri, 26 Jan 2007 16:05:17 -0700 Subject: [OTR-users] OTR and CHAT question In-Reply-To: <20070126174216.6ddd2361@localhost> References: <007d01c73fe9$1591b930$c0075e12@SuttonCross> <561dc3260701241233j7b9890bfi23dd795aa9dd9db6@mail.gmail.com> <20070124225214.GR16711@yoink.cs.uwaterloo.ca> <561dc3260701251321i42de3505qf1cb08ef4de4c9e2@mail.gmail.com> <45BA7F5F.4040305@yahoo.com> <20070126174216.6ddd2361@localhost> Message-ID: <45BA892D.5030608@yahoo.com> Alex wrote: > I think what he meant was that the user should have to decrypt the > private key in order to start a chat. I dislike webs of trust > because they become entangled and chaotic (revocation certificates, and > all that other garbage). However I do think that an encrypted private > key would be a step in the right direction to protect against stolen > laptops. > True, but it still doesn't provide your contact any assurance that they are really talking to you. It also doesn't solve the key revocation problem. It would be easy for a trojan to wait until the file is decrypted and then lift it. Some form of key revocation is needed in case your keys are lost or stolen. -- Robert Ryan Thunderbird + Enigmail + GnuPG Gaim + OTR From alex323 at gmail.com Fri Jan 26 18:22:33 2007 From: alex323 at gmail.com (Alex) Date: Fri, 26 Jan 2007 18:22:33 -0500 Subject: [OTR-users] OTR and CHAT question In-Reply-To: <45BA892D.5030608@yahoo.com> References: <007d01c73fe9$1591b930$c0075e12@SuttonCross> <561dc3260701241233j7b9890bfi23dd795aa9dd9db6@mail.gmail.com> <20070124225214.GR16711@yoink.cs.uwaterloo.ca> <561dc3260701251321i42de3505qf1cb08ef4de4c9e2@mail.gmail.com> <45BA7F5F.4040305@yahoo.com> <20070126174216.6ddd2361@localhost> <45BA892D.5030608@yahoo.com> Message-ID: <20070126182233.71ebb633@localhost> On Fri, 26 Jan 2007 16:05:17 -0700 Robert Ryan wrote: > Alex wrote: > > > I think what he meant was that the user should have to decrypt the > > private key in order to start a chat. I dislike webs of trust > > because they become entangled and chaotic (revocation certificates, > > and all that other garbage). However I do think that an encrypted > > private key would be a step in the right direction to protect > > against stolen laptops. > > > > True, but it still doesn't provide your contact any assurance that > they are really talking to you. It also doesn't solve the key > revocation problem. > > It would be easy for a trojan to wait until the file is decrypted and > then lift it. You can say that a trojan can wait for your PGP private key to become available too. One of the main ideas behind OTR is plausible deniability, which PGP is lacking in (proof that you've said something can be good and bad). The internet is so anonymous, it is impossible to really "know" who you are talking to unless you see the other party in real life and trade fingerprints (even then, he could leave his desk for a moment while someone else starts chatting with you). OTR is as good as it's going to get. I still think that the current system could benefit from an encryption scheme for private keys on disk. -- Alex -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 827 bytes Desc: not available URL: From ian at cypherpunks.ca Sat Jan 27 10:03:59 2007 From: ian at cypherpunks.ca (Ian Goldberg) Date: Sat, 27 Jan 2007 10:03:59 -0500 Subject: [OTR-users] Long Yahoo! IMs cause problem w/ Gaim/OTR? In-Reply-To: References: <20070107205950.GJ16711@yoink.cs.uwaterloo.ca> Message-ID: <20070127150359.GK16711@yoink.cs.uwaterloo.ca> On Fri, Jan 26, 2007 at 11:32:49AM -0500, Mark G. Spencer wrote: > Hi Ian, > > Do you know what the IM character limit for OTR is? Or is the problem > actually with the Gaim plugin not OTR itself? I'm wondering if we use > Adium X instead if we can avoid the infinite loop of errors that > happens when an IM that is too long is sent. Lately it has been > happening a lot where my coworkers will copy and paste something into > their Gaim (OTR and Yahoo!) and we end up having to close Gaim on both > sides of the conversation. OTR doesn't have a limit; the different networks have different limits. That's something we're working on right now, though. - Ian From newcastlescott007 at yahoo.com Sun Jan 28 09:10:28 2007 From: newcastlescott007 at yahoo.com (Scott Martin) Date: Sun, 28 Jan 2007 06:10:28 -0800 (PST) Subject: [OTR-users] dependancys Message-ID: <398668.5512.qm@web38506.mail.mud.yahoo.com> hello i am new to the whole realm of linux and am using centos ad my os it is a clone of redhat.i have been using gaim and otr for a while on the dreaded windows box with success, but i am running into dependency issues trying to install otr for gaim on my new os. can you help me with this and tell me what i need to install to get it operable .so far i have installed -zlib -libgcrypt error -libcript but i get an error saying i need libgcrypt error -gnupg -gmp -gettext as i have said i am new to linux and am in need of help am i installing in the wrong order? is there more i need to install and in what order the os i am running is like redhat 4 i thank you in advance for any help ____________________________________________________________________________________ The fish are biting. Get more visitors on your site using Yahoo! Search Marketing. http://searchmarketing.yahoo.com/arp/sponsoredsearch_v2.php -------------- next part -------------- An HTML attachment was scrubbed... URL: From marti at juffo.org Sun Jan 28 10:19:55 2007 From: marti at juffo.org (Marti) Date: Sun, 28 Jan 2007 17:19:55 +0200 Subject: [OTR-users] dependancys In-Reply-To: <398668.5512.qm@web38506.mail.mud.yahoo.com> References: <398668.5512.qm@web38506.mail.mud.yahoo.com> Message-ID: <2a12af650701280719g5b190a40s42690efb24df8c43@mail.gmail.com> On 1/28/07, Scott Martin wrote: > but i am running into dependency issues trying to > install otr for gaim on my new os. Try yum, it should automatically resolve dependencies for you. Marti From ian at cypherpunks.ca Sun Jan 28 12:31:55 2007 From: ian at cypherpunks.ca (Ian Goldberg) Date: Sun, 28 Jan 2007 12:31:55 -0500 Subject: [OTR-users] dependancys In-Reply-To: <398668.5512.qm@web38506.mail.mud.yahoo.com> References: <398668.5512.qm@web38506.mail.mud.yahoo.com> Message-ID: <20070128173155.GV16711@yoink.cs.uwaterloo.ca> On Sun, Jan 28, 2007 at 06:10:28AM -0800, Scott Martin wrote: > hello > i am new to the whole realm of linux and am using centos ad my os it is a clone of redhat.i have been using gaim and otr for a while on the dreaded windows box with success, but i am running into dependency issues trying to install otr for gaim on my new os. can you help me with this and tell me what i need to install to get it operable .so far i have installed > -zlib > -libgcrypt error > -libcript but i get an error saying i need libgcrypt error > -gnupg > -gmp > -gettext > > as i have said i am new to linux and am in need of help am i installing in the wrong order? > is there more i need to install and in what order > > the os i am running is like redhat 4 OTR is available in Fedora Core 4 already: http://fedoraproject.org/extras/4/SRPMS/repodata/repoview/gaim-otr-0-3.0.0-2.fc4.html I don't use Fedora, but I think Paul could tell you how to install it from there. - Ian From readytogo2 at freenet.de Mon Jan 29 03:49:32 2007 From: readytogo2 at freenet.de (readytogo2) Date: Mon, 29 Jan 2007 09:49:32 +0100 Subject: [OTR-users] @developers, may I create a german OTR website? Message-ID: <45BDB51C.5020306@freenet.de> Sadly there wasn`t much activity in my mail with the title 'fresh wind for the otr project'... I want more people, especial my friends to use OTR. There are not many informations about OTR in my native laguange. Therefore I want to create a german website with instructions, informations and downloads about OTR. Maybe I will translate and recompile OTR aswell (no other changes on the code). I won`t touch the copyright and note that my version is a modified and translated version (GPL rules). It is as a matter of course. As OTR is GPL I wouldn`t need to ask you if I can do this or not. But if you don`t want thrid partys to publish OTR projects I will aceept this for sure. From ian at cypherpunks.ca Mon Jan 29 10:42:35 2007 From: ian at cypherpunks.ca (Ian Goldberg) Date: Mon, 29 Jan 2007 10:42:35 -0500 Subject: [OTR-users] @developers, may I create a german OTR website? In-Reply-To: <45BDB51C.5020306@freenet.de> References: <45BDB51C.5020306@freenet.de> Message-ID: <20070129154235.GA20687@thunk.cs.uwaterloo.ca> On Mon, Jan 29, 2007 at 09:49:32AM +0100, readytogo2 wrote: > Sadly there wasn`t much activity in my mail with the title 'fresh wind > for the otr project'... > > I want more people, especial my friends to use OTR. There are not many > informations about OTR in my native laguange. > > Therefore I want to create a german website with instructions, > informations and downloads about OTR. Maybe I will translate and > recompile OTR aswell (no other changes on the code). > > I won`t touch the copyright and note that my version is a modified and > translated version (GPL rules). It is as a matter of course. > > As OTR is GPL I wouldn`t need to ask you if I can do this or not. But if > you don`t want thrid partys to publish OTR projects I will aceept this > for sure. I think creating a German translation of the website would be fine. If you want to submit a real i18n patch to the OTR source, we'll include it in the official tree for sure. Thanks! - Ian From marti at juffo.org Mon Jan 29 10:57:13 2007 From: marti at juffo.org (Marti) Date: Mon, 29 Jan 2007 17:57:13 +0200 Subject: [OTR-users] @developers, may I create a german OTR website? In-Reply-To: <45BDB51C.5020306@freenet.de> References: <45BDB51C.5020306@freenet.de> Message-ID: <2a12af650701290757q4af4f241oed9fddc7d7024160@mail.gmail.com> On 1/29/07, readytogo2 wrote: > [...] Maybe I will translate and > recompile OTR aswell (no other changes on the code). If you were thinking of simply translating strings within the source code then I would suggest taking a look at the gettext project [1] since it will simplify translation to more languages in the future, and will decrease the burden of maintaining two separate source trees. [1] http://www.gnu.org/software/gettext/ Marti From paul at cypherpunks.ca Mon Jan 29 11:31:44 2007 From: paul at cypherpunks.ca (Paul Wouters) Date: Mon, 29 Jan 2007 17:31:44 +0100 (CET) Subject: [OTR-users] dependancys In-Reply-To: <398668.5512.qm@web38506.mail.mud.yahoo.com> References: <398668.5512.qm@web38506.mail.mud.yahoo.com> Message-ID: On Sun, 28 Jan 2007, Scott Martin wrote: > i am new to the whole realm of linux and am using centos ad my os it is a clone of redhat.i have been using gaim and otr for a while on the dreaded windows box with success, but i am running into dependency issues trying to install otr for gaim on my new os. can you help me with this and tell me what i need to install to get it operable .so far i have installed > -zlib > -libgcrypt error > -libcript but i get an error saying i need libgcrypt error > -gnupg > -gmp > -gettext > > as i have said i am new to linux and am in need of help am i installing in the wrong order? > is there more i need to install and in what order Grab the source rpm for gaim-otr from Fedora Extras. Then rpm -ihv it, then run rpmbuild -bb /usr/src/redhat/SPECS/gaim-otr It will then tell you all your missing dependancies, and you can grab those source rpms from fedora and install them similarly. Paul From rbrt_ryn at yahoo.com Mon Jan 29 13:22:56 2007 From: rbrt_ryn at yahoo.com (Robert Ryan) Date: Mon, 29 Jan 2007 11:22:56 -0700 Subject: [OTR-users] OTR and CHAT question In-Reply-To: <20070126182233.71ebb633@localhost> References: <007d01c73fe9$1591b930$c0075e12@SuttonCross> <561dc3260701241233j7b9890bfi23dd795aa9dd9db6@mail.gmail.com> <20070124225214.GR16711@yoink.cs.uwaterloo.ca> <561dc3260701251321i42de3505qf1cb08ef4de4c9e2@mail.gmail.com> <45BA7F5F.4040305@yahoo.com> <20070126174216.6ddd2361@localhost> <45BA892D.5030608@yahoo.com> <20070126182233.71ebb633@localhost> Message-ID: <45BE3B80.4070404@yahoo.com> Alex wrote: > Robert Ryan Wrote >> It would be easy for a trojan to wait until the file is decrypted >> and then lift it. > > You can say that a trojan can wait for your PGP private key to become > available too. The difference being that the PGP key is only decrypted for as long as it takes to decrypt a single message. It is never stored to disk. PGP also takes special pains to protect the memory location it is decrypted to. By default the memory is wiped after it is used. The OTR key file must remain decrypted for the entire conversation. It is a plain text file that anyone can read or write. It is stored, in the open, on disk. You have to be careful that you wipe the decrypted version at the end. > One of the main ideas behind OTR is plausible deniability, which PGP > is lacking in (proof that you've said something can be good and > bad). > You would only use PGP to verify your identity. The rest of the conversation remains deniable because no one can prove who said what or when. > The internet is so anonymous, it is impossible to really "know" who > you are talking to unless you see the other party in real life But I do need to know that the Alex who sent this message is the same as the one who sent the message on Jan 26. The OTR fingerprint only identifies you, it does not authenticate you. Authentication involves something only you know like a PIN or passphrase. > even then, he could leave his desk for a moment while someone else > starts chatting with you. It's worse than that, it would only take a few moments to walk off with the keyfile itself. If that happens there is no way to revoke the key! -- Robert Ryan Thunderbird + Enigmail + GnuPG Gaim + OTR From paul at cypherpunks.ca Mon Jan 29 23:44:32 2007 From: paul at cypherpunks.ca (Paul Wouters) Date: Tue, 30 Jan 2007 05:44:32 +0100 (CET) Subject: [OTR-users] OTR and CHAT question In-Reply-To: <45BE3B80.4070404@yahoo.com> References: <007d01c73fe9$1591b930$c0075e12@SuttonCross> <561dc3260701241233j7b9890bfi23dd795aa9dd9db6@mail.gmail.com> <20070124225214.GR16711@yoink.cs.uwaterloo.ca> <561dc3260701251321i42de3505qf1cb08ef4de4c9e2@mail.gmail.com> <45BA7F5F.4040305@yahoo.com> <20070126174216.6ddd2361@localhost> <45BA892D.5030608@yahoo.com> <20070126182233.71ebb633@localhost> <45BE3B80.4070404@yahoo.com> Message-ID: On Mon, 29 Jan 2007, Robert Ryan wrote: > The difference being that the PGP key is only decrypted for as long as > it takes to decrypt a single message. It is never stored to disk. PGP > also takes special pains to protect the memory location it is decrypted > to. By default the memory is wiped after it is used. That doesn't help against the key logger trojan. > The OTR key file must remain decrypted for the entire conversation. Does it? I thought once the OTR session has started, it is no longer needed until a new user needs to be identified? After all, OTR doesn't use signed messages by the OTR key. > is a plain text file that anyone can read or write. On a real OS, only the user itself can read/write it :) > It is stored, in the > open, on disk. You have to be careful that you wipe the decrypted > version at the end. Having a passphrase on the disk would be a good feature. Though the security is very limited. How many people still usea pincode on their phone? I realised years ago I never turn off my phone, so whoever steals my phone can use it without limitations as long as it stays powered up. The pincode adds no protection (and by now i dont set it anymore). Another example is my laptop's SSH agent. It runs most of the time, and has my ssh passphrase credentials so I can ssh without retyping the key passphrase all the time. Now with that, I'm a little bit more careful. When going to public events, I disable it But if someone breaks into my house, there is a good change my ssh agent is running with some privs. OTR would have these issues too, as everyone leaves their IM client running overnight, or through laptop suspensions. And having to type a passphrase per application will just mean people start using one passphrase for all their applications. > But I do need to know that the Alex who sent this message is the same as > the one who sent the message on Jan 26. The OTR fingerprint only > identifies you, it does not authenticate you. > Authentication involves something only you know like a PIN or passphrase. You could use FileVault or whatever the Windows/Linux equivalent is to using an encrypted home directory. fuse or pgp-disk or something. > It's worse than that, it would only take a few moments to walk off with > the keyfile itself. If that happens there is no way to revoke the key! The person still needs to password to the IM account as well. Perhaps even needing your profile photo from your laptop. and hewould need you not telling your friends your old key was stolen. You could change your IM password and make its title "OTR KEY STOLEN, please delete". I don't think OTR should become Yet Another PKI. Though I would like to see some way of using OTR to kickstart other identity issues. For instance agreeing on a temporary symmetric key (for SIP encryption or a file download) Paul