From senatorfrog at gmail.com Thu Mar 1 22:38:34 2007
From: senatorfrog at gmail.com (Mark Senior)
Date: Thu, 1 Mar 2007 20:38:34 -0700
Subject: [OTR-users] otr-proxy and iChat
Message-ID: <70f230c70703011938p6d7f1547tc8a12cd97b6d366f@mail.gmail.com>

Hello list

I've looked back through the list for the last couple of months and not noted any feedback on using OTR Proxy.app on OS X, with iChat.

In case any of this is platform sensitive - I'm using OS X 10.4.8 on an Intel iMac.

As it is right now, it's probably not usable to most Mac users. I tried to run the app in the usual Mac-y way, by double clicking on the icon from the Applications folder. The GUI starts up, and everything seems fine. I then logged out of iChat, set the preferences to use localhost:8080 as an HTTP proxy, and tried to connect. At this point, the connection process seemed to hang for about a minute, and then it gave up and went to the "disconnected" state.

I tried quitting OTR Proxy and relaunched it, but it objected that it was unable to listen on ports 1080 and 8080, because another process already had them. I quit OTR Proxy again, ran "lsof -i" and sure enough there was a running process hanging around (maybe it doesn't clean up its child processes?). So, there's bug number one.

But even with the lingering process killed, it still can't connect. Figuring I might get some debug info, I cd'd into /Applications/OTR\ Proxy/Contents/MacOS/ and ran the executable at the terminal. Having done that, the connection worked fine! So, bug number two - does OTR Proxy maybe require a tty to write to?

Generating the private key seemed to work well at that point. Now, I just have to wait for someone to come on line so I can try chatting with them...

Regards
Mark

From samslists at gmail.com Fri Mar 2 01:43:34 2007
From: samslists at gmail.com (Sam's Lists)
Date: Thu, 1 Mar 2007 22:43:34 -0800
Subject: [OTR-users] Verifying when one user has gaim and one adium.
Message-ID: <558124520703012243x2947f7d7l605a0dbdbc54a644@mail.gmail.com>

It's a piece of cake to verify with someone over the phone when both of us are running gaim.

But Adium seems very different. It seems to want to verify the session id. I can't figure out by talking on the phone to this mac user where to have her look for her fingerprint.

Has anyone else used both adium and gaim? Why can't the verification process be exactly the same? All this confusion can cause errors.

From galenz at zinkconsulting.com Sun Mar 4 17:01:23 2007
From: galenz at zinkconsulting.com (galenz at zinkconsulting.com)
Date: Sun, 4 Mar 2007 14:01:23 -0800
Subject: [OTR-users] otr-proxy and iChat
In-Reply-To: <70f230c70703011938p6d7f1547tc8a12cd97b6d366f@mail.gmail.com>
References: <70f230c70703011938p6d7f1547tc8a12cd97b6d366f@mail.gmail.com>
Message-ID: <757C5610-1321-47E2-8D57-1D44CCF94716@zinkconsulting.com>

I've had a terrible time with this as well, particularly after migrating to a MacBook. I couldn't even get a native x86 version to build and nobody on the list bothered to post any responses. Aside from countless bugs / strange behaviors, particularly prevalent under x86, simply having a single PPC app open on an x86-based Mac results in significantly increased memory usage.

I ultimately did a manual migration of my information into Adium. That has been acceptable, but overall, Adium suffers from excessive flexibility and lots of strange behaviors. At least file transfers work these days. The only advantage to Adium is integrated OTR, tabs, support for multiple IM networks and possibly the auto-accept file transfer function. The GUI is super-customizable, but utterly lacking in polish and simplicity.

I have considered writing a script to automate the migration from OTR Proxy.app to Adium, and possibly back again.
-Galen

On Mar 1, 2007, at 7:38 PM, Mark Senior wrote:

> Hello list
>
> I've looked back through the list for the last couple of months and
> not noted any feedback on using OTR Proxy.app on OS X, with iChat.
>
> In case any of this is platform sensitive - I'm using OS X 10.4.8 on
> an Intel iMac.
>
> As it is right now, it's probably not usable to most Mac users. I
> tried to run the app in the usual Mac-y way, by double clicking on the
> icon from the Applications folder. The GUI starts up, and everything
> seems fine. I then logged out of iChat, set the preferences to use
> localhost:8080 as an HTTP proxy, and tried to connect. At this point,
> the connection process seemed to hang for about a minute, and then it
> gave up and went to the "disconnected" state.
>
> I tried quitting OTR Proxy and relaunched it, but it objected that it
> was unable to listen on ports 1080 and 8080, because another process
> already had them. I quit OTR Proxy again, ran "lsof -i" and sure
> enough there was a running process hanging around (maybe it doesn't
> clean up its child processes?). So, there's bug number one.
>
> But even with the lingering process killed, it still can't connect.
> Figuring I might get some debug info, I cd'd into /Applications/OTR\
> Proxy/Contents/MacOS/ and ran the executable at the terminal. Having
> done that, the connection worked fine! So, bug number two - does OTR
> Proxy maybe require a tty to write to?
>
> Generating the private key seemed to work well at that point. Now, I
> just have to wait for someone to come on line so I can try chatting
> with them...
>
> Regards
> Mark

From readytogo2 at freenet.de Sun Mar 4 18:05:04 2007
From: readytogo2 at freenet.de (readytogo2)
Date: Mon, 05 Mar 2007 00:05:04 +0100
Subject: [OTR-users] Request for review of Encryption Guide
In-Reply-To:
References:
Message-ID: <45EB50A0.8060205@freenet.de>

If you want feedback here better provide a link with a website so people here don't need to download something.

You have E-Mail and IM. But there are more ways to communicate.

Just some hints to improve:

- email (pgp by pgp corp and why use openpgp instead (why use os instead))
- telephone (no way for serious encryption for end customers)
- voip (firewall problems, too many people are behind a router with nat and not able to open ports, zfone, unusable for end customers right now no way to encrypt)
- pc to pc (non voip, example Skype, "encrypted" (closed source), hardcore obfuscated code, famous because it's easy and supports good firewall workaround through p2p, spyware, security concerns)
- instant messenger chats can be encrypted with pgp as well (psi, pgp, why use otr instead)
- otr (very rarely used, no reviews by "encryption gods")
- otr gaim <-> miranda <-> trillian incompatible problems (barce problem)
- trillian is closed source
- no one seemed to check the source of miranda/trillian otr right now so I won't suggest using it
- gaim encryption (difference to otr, reviews?, use otr or gaim encryption?)
- SSL - sensitive tasks like online banking
- "free webmail account", very bad idea to link to google, google is known for data mining and has a monopoly (search engine), no need to support its monopoly
- "Why shall I use encryption if I have nothing to hide?"
From paul at cypherpunks.ca Mon Mar 5 13:17:09 2007
From: paul at cypherpunks.ca (Paul Wouters)
Date: Mon, 5 Mar 2007 19:17:09 +0100 (CET)
Subject: [OTR-users] Verifying when one user has gaim and one adium.
In-Reply-To: <558124520703012243x2947f7d7l605a0dbdbc54a644@mail.gmail.com>
References: <558124520703012243x2947f7d7l605a0dbdbc54a644@mail.gmail.com>
Message-ID:

On Thu, 1 Mar 2007, Sam's Lists wrote:

> It's a piece of cake to verify with someone over the phone when both of us
> are running gaim.
>
> But Adium seems very different. It seems to want to verify the session id.
> I can't figure out by talking on the phone to this mac user where to have
> her look for her fingerprint.
>
> Has anyone else used both adium and gaim? Why can't the verification
> process be exactly the same? All this confusion can cause errors.

There is a bug in Adium 0.9 and a different bug in Adium 1.0+. It has been reported, and I assume they will get to it. Meanwhile, you're stuck with the confusion of "secure id" and "fingerprint".

Paul

From paul at cypherpunks.ca Thu Mar 15 17:54:21 2007
From: paul at cypherpunks.ca (Paul Wouters)
Date: Thu, 15 Mar 2007 22:54:21 +0100 (CET)
Subject: [OTR-users] default action for otr button when in "other end finished" state
Message-ID:

Today the other party ended their OTR session with me. I was advised "to do the same". I forgot why the otr client does not handle this itself. Perhaps the end otr message isn't authenticated?

Anyway, I hit the "end of otr session" button, which of course tried to refresh the connection, instead of terminating mine, since there is no "end of otr session" button. There is only the "refresh" button.

Proposal: change the default action of the OTR button to "end" if the other end closed their OTR session with you.
Paul

From bdm at fenrir.org.uk Thu Mar 15 18:52:31 2007
From: bdm at fenrir.org.uk (Brian Morrison)
Date: Thu, 15 Mar 2007 22:52:31 +0000
Subject: [OTR-users] default action for otr button when in "other end finished" state
In-Reply-To:
References:
Message-ID: <20070315225231.65f9aa79@peterson.fenrir.org.uk>

On Thu, 15 Mar 2007 22:54:21 +0100 (CET) Paul Wouters wrote:

> Proposal: change the default action of the OTR button to "end" if the
> other end closed their OTR session with you.

Surely this should be automagic, if the other end decides to terminate the session then the local OTR process must follow suit. If this isn't authenticated, then the session can easily be reopened by....

...clicking the button to refresh the connection, it's a simple matter not to do this if the connection has been terminated intentionally ;-)

--
Brian Morrison
"Arguing with an engineer is like wrestling with a pig in the mud; after a while you realize you are muddy and the pig is enjoying it."

From gdt at ir.bbn.com Thu Mar 15 19:51:43 2007
From: gdt at ir.bbn.com (Greg Troxel)
Date: Thu, 15 Mar 2007 19:51:43 -0400
Subject: [OTR-users] default action for otr button when in "other end finished" state
In-Reply-To: (Paul Wouters's message of "Thu\, 15 Mar 2007 22\:54\:21 +0100 \(CET\)")
References:
Message-ID:

I agree that in state they-finished-we-haven't ('finished'), clicking should go to 'not private'. clicking again would of course try to negotiate.

--
Greg Troxel

From Gilles at Gravier.org Thu Mar 15 21:13:28 2007
From: Gilles at Gravier.org (Gilles Gravier)
Date: Fri, 16 Mar 2007 02:13:28 +0100
Subject: [OTR-users] default action for otr button when in "other end finished" state
In-Reply-To: <20070315225231.65f9aa79@peterson.fenrir.org.uk>
References: <20070315225231.65f9aa79@peterson.fenrir.org.uk>
Message-ID: <45F9EF38.2020006@Gravier.org>

I like the idea of automatic termination... but I *WANT* a strong notification that this has happened...

Gilles.
Brian Morrison wrote:
> On Thu, 15 Mar 2007 22:54:21 +0100 (CET)
> Paul Wouters wrote:
>
>> Proposal: change the default action of the OTR button to "end" if the
>> other end closed their OTR session with you.
>
> Surely this should be automagic, if the other end decides to terminate
> the session then the local OTR process must follow suit. If this isn't
> authenticated, then the session can easily be reopened by....
>
> ...clicking the button to refresh the connection, it's a simple matter
> not to do this if the connection has been terminated intentionally ;-)

--
Gilles Gravier = Gilles at Gravier.org = http://www.gravier.org/
ICQ: 77488526 || MSN Messenger: Gilles at Gravier.org
Skype: ggravier || Y!: ggravier || AOL: gillesgravier
PGP Key ID: 0x8DE6D026
"Chastity is its own punishment." (Solomon Short) [David Gerrold]
"Of all the sexual aberrations, chastity is the most aberrant." [Anatole France]

From ian at cypherpunks.ca Fri Mar 16 07:40:59 2007
From: ian at cypherpunks.ca (Ian Goldberg)
Date: Fri, 16 Mar 2007 07:40:59 -0400
Subject: [OTR-users] default action for otr button when in "other end finished" state
In-Reply-To:
References:
Message-ID: <20070316114059.GK31195@yoink.cs.uwaterloo.ca>

On Thu, Mar 15, 2007 at 07:51:43PM -0400, Greg Troxel wrote:
> I agree that in state they-finished-we-haven't ('finished'), clicking
> should go to 'not private'. clicking again would of course try to
> negotiate.

Wait: you're saying sometimes clicking that button should make you go private, and sometimes it should make you go non-private? No way. Clicking that button should *always* (at least try to) put you in private mode.

Or am I misunderstanding?
- Ian

From gdt at ir.bbn.com Fri Mar 16 10:02:50 2007
From: gdt at ir.bbn.com (Greg Troxel)
Date: Fri, 16 Mar 2007 10:02:50 -0400
Subject: [OTR-users] default action for otr button when in "other end finished" state
In-Reply-To: <20070316114059.GK31195@yoink.cs.uwaterloo.ca> (Ian Goldberg's message of "Fri\, 16 Mar 2007 07\:40\:59 -0400")
References: <20070316114059.GK31195@yoink.cs.uwaterloo.ca>
Message-ID:

Ian Goldberg writes:

> On Thu, Mar 15, 2007 at 07:51:43PM -0400, Greg Troxel wrote:
>> I agree that in state they-finished-we-haven't ('finished'), clicking
>> should go to 'not private'. clicking again would of course try to
>> negotiate.
>
> Wait: you're saying sometimes clicking that button should make you go
> private, and sometimes it should make you go non-private? No way.
> Clicking that button should *always* (at least try to) put you in
> private mode.
>
> Or am I misunderstanding?

I tend to configure people for 'require OTR', and thus never click. But you have a very good point; it's important the actions which might be reflexive match the user's intent. Right-click already lets you do this.

I commented earlier that this isn't my real problem with 'finished'. It's that trying to send a message in finished just drops the message. I don't see any good reason why this shouldn't trigger negotiation just like sending a message when 'not private' (for peers set to require). I understand why, and agree, that it's horribly broken to send cleartext - but would like not to have to retype what I sent by mistake.
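
The behaviour asked for in the message above, as an added sketch that is not part of the post and not gaim-otr or libotr code: text typed in 'finished' is held and a new negotiation is started, so it is neither dropped nor sent in the clear, and the button only ever asks for privacy. The class, method and state names are assumptions, and no cryptography is modelled.

```python
from enum import Enum


class State(Enum):
    NOT_PRIVATE = "not private"
    PRIVATE = "private"
    FINISHED = "finished"   # peer ended the session, we have not yet


class Conversation:
    """Toy model of one buddy's OTR state (hypothetical names). The wire
    list only records whether each item would leave as ciphertext or
    cleartext; nothing is actually encrypted."""

    def __init__(self, require_otr=True):
        self.require_otr = require_otr
        self.state = State.NOT_PRIVATE
        self.negotiating = False
        self.held = []    # typed text waiting for a private session
        self.wire = []    # (kind, text) pairs handed to the IM network

    def _negotiate(self):
        # Send one query per negotiation, not one per keystroke.
        if not self.negotiating:
            self.negotiating = True
            self.wire.append(("otr-query", None))

    def click_button(self):
        # The button always tries to go private, whatever the state.
        self._negotiate()

    def end_private(self):
        # Separate, explicit action (the right-click menu entry).
        if self.state is State.PRIVATE:
            self.wire.append(("otr-end", None))
        self.state = State.NOT_PRIVATE

    def peer_finished(self):
        if self.state is State.PRIVATE:
            self.state = State.FINISHED

    def session_established(self):
        # Key exchange completed: flush held text, now as ciphertext.
        self.state = State.PRIVATE
        self.negotiating = False
        while self.held:
            self.wire.append(("encrypted", self.held.pop(0)))

    def send(self, text):
        if self.state is State.PRIVATE:
            self.wire.append(("encrypted", text))
            return "encrypted"
        if self.state is State.FINISHED or self.require_otr:
            # Never cleartext here: keep the text and renegotiate.
            self.held.append(text)
            self._negotiate()
            return "held"
        self.wire.append(("cleartext", text))
        return "cleartext"


def cleartext_sent(conv):
    """Everything that left this conversation unencrypted."""
    return [text for kind, text in conv.wire if kind == "cleartext"]


def replay_finished_scenario(require_otr=True):
    """Constructed scenario: peer finishes, user keeps typing."""
    conv = Conversation(require_otr)
    conv.click_button()
    conv.session_established()
    conv.send("first message")
    conv.peer_finished()
    result = conv.send("typed before noticing")
    conv.session_established()   # peer answers the new query
    return conv, result


if __name__ == "__main__":
    conv, result = replay_finished_scenario()
    print(result, conv.state.value, conv.wire, cleartext_sent(conv))
```
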
From paul at cypherpunks.ca Fri Mar 16 14:10:24 2007
From: paul at cypherpunks.ca (Paul Wouters)
Date: Fri, 16 Mar 2007 19:10:24 +0100 (CET)
Subject: [OTR-users] default action for otr button when in "other end finished" state
In-Reply-To: <20070316114059.GK31195@yoink.cs.uwaterloo.ca>
References: <20070316114059.GK31195@yoink.cs.uwaterloo.ca>
Message-ID:

On Fri, 16 Mar 2007, Ian Goldberg wrote:

> On Thu, Mar 15, 2007 at 07:51:43PM -0400, Greg Troxel wrote:
> > I agree that in state they-finished-we-haven't ('finished'), clicking
> > should go to 'not private'. clicking again would of course try to
> > negotiate.
>
> Wait: you're saying sometimes clicking that button should make you go
> private, and sometimes it should make you go non-private? No way.
> Clicking that button should *always* (at least try to) put you in
> private mode.
>
> Or am I misunderstanding?

No you are not :)

The button can change appearances. As the button is right now, when the remote has finished the OTR session, the use of our button is counter-intuitive. This is not theoretical, this is happening to ME, and I know what OTR does for me much more than the average user.

The problem is you are told "the user finished his OTR session with you, you should do the same". Since there is only ONE button available, my brain leaps to the conclusion "action is required, there is only one button, therefore hit it". While the correct action in this case is to RIGHT click and select "end private conversation".

This is not good from a UI perspective. Though I understand the concerns from a cryptographic perspective.

I understand your fear of the other end closing OTR, and us automatically following suit and accidentally sending something in the clear - though that could be avoided by defaulting to "never send something in the clear per default if we have an OTR key for this person", or simply demanding a confirmation to send in the clear after the event that the other end closed our secure communications.
I also understand that the current behaviour is the most fail safe, though on many occasions I've restarted an OTR session by accident, while I had nothing to say to this person (they left after all, hence their closing), and restarted OTR to this person while the person had left his computer.

It makes you wonder about the purpose of closing the OTR session at all. One reason is if the person goes to work, and has a non-OTR jabber client, and the person is now logged in twice. If I have accidentally hit "refresh" to "end" the person's home connection, I'm now bombarding him with unreadable messages, another frequent mistake that happens to me, that would be mitigated a lot by having a text-only version of gaim-otr for those who cannot use an IM client with GUI in their daily business life :)

So in short, my proposal would be:

If remote sends us a "finished OTR session with you" we should either

a) automatically "end private conversation" BUT upon the first would-be plaintext message, block and require confirmation of user for unencrypted send,

- OR -

b) change the OTR button to "end private conversation" button.

For b) the user can either:

b1) click on "end button" - OTR button changes back to default familiar "Not private" button, AND optionally requires the user upon first non-private attempt at sending to confirm plaintext msg,

- OR -

b2) not click on "end" button and type - OTR button does not change, but there is no point attempting to send unreadable message, so refrain from sending garbage and attempt to init OTR before sending message.

b3) not do anything and receive either:
    x) - OTR request, change button to normal button
    y) - plaintext, see b2)

Does this make sense?

Some of these issues are normally set by the buddy preferences, but we are missing the option to set the preference per instance of a buddy. eg Paul/HOME can be "must OTR", while Paul/WORK could be "may OTR".
In practice, the one preference setting per total buddy doesn't work in practice.

This also assumes that the only reason people click "end OTR session" is because they will reappear shortly elsewhere without OTR. I don't think there is another reason to do this. Because if I am talking to Ian via OTR, and Ian leaves for work and ends the session, me telling him anything will just restart the session and display the OTR protected text on his display anyway. No privacy is gained here.

Paul

From adam_zimmerman at sfu.ca Fri Mar 16 16:49:13 2007
From: adam_zimmerman at sfu.ca (Adam Zimmerman)
Date: Fri, 16 Mar 2007 13:49:13 -0700
Subject: [OTR-users] default action for otr button when in "other end finished" state
In-Reply-To:
References: <20070316114059.GK31195@yoink.cs.uwaterloo.ca>
Message-ID: <1174078153.5444.9.camel@midnight>

On Fri, 2007-16-03 at 19:10 +0100, Paul Wouters wrote:

> I understand your fear of the other end closing OTR, and us automatically
> following suit and accidentally sending something in the clear - though
> that could be avoided by defaulting to "never send something in the clear
> per default if we have an OTR key for this person",

There's an obvious counterexample to that solution, which I've noticed before. I have an AIM contact who uses Adium most of the time, and in those conversations, OTR works perfectly. But sometimes (not sure why) she uses the official AIM client, and so our conversations aren't protected. Your feature would prevent us from talking when that happens.

> or simply demanding
> a confirmation to send in the clear after the event that the other end
> closed our secure communications.

As long as there's a way to do it without a dialog, that sounds OK. One of my favourite features of newer gaim-otr versions is that there are very few dialog boxes to get in the way of my conversations.
--
Adam Zimmerman
CREATIVITY - http://mirrors.creativecommons.org/movingimages/Building_on_the_Past.mpg
ALWAYS - http://www.musiccreators.ca/
BUILDS - http://www.ubuntu.com/
ON THE PAST - http://www.theopencd.org/
--
Q: How many IBM CPU's does it take to execute a job?
A: Four; three to hold it down, and one to rip its head off.

From mangylj at gmail.com Sat Mar 17 13:22:56 2007
From: mangylj at gmail.com (Mange)
Date: Sat, 17 Mar 2007 18:22:56 +0100
Subject: [OTR-users] OTR HTML formatting problem using Miranda/Gaim/more?
Message-ID:

Hi,

I've experienced a similar problem as this guy:
http://lists.cypherpunks.ca/pipermail/otr-users/2006-July/000707.html

He is using the AOL protocol, while I'm using Jabber, so it does not seem to be a problem with the protocol. Whenever I send my buddy a message through Gaim with OTR on, certain HTML tags (such as br) get displayed, quotes and other special characters get HTML-encoded.

It does not seem to be Gaim that is the problem, as this thread from the Gaim bug list discerns:
https://sourceforge.net/tracker/?func=detail&atid=100235&aid=1667227&group_id=235

I'm using the latest Gaim and gaim-otr-plugin on a Gentoo box. My buddy is using the latest (0.6.7) Miranda Unicode version on an XP box.

Does anyone else have this problem, and why does it exist? :]

Cheers,
Mange

From ian at cypherpunks.ca Sat Mar 17 16:39:00 2007
From: ian at cypherpunks.ca (Ian Goldberg)
Date: Sat, 17 Mar 2007 16:39:00 -0400
Subject: [OTR-users] OTR HTML formatting problem using Miranda/Gaim/more?
In-Reply-To:
References:
Message-ID: <20070317203900.GN31195@yoink.cs.uwaterloo.ca>

On Sat, Mar 17, 2007 at 06:22:56PM +0100, Mange wrote:
> Does anyone else have this problem, and why does it exist? :]

It seems that Miranda is doing HTML-parsing before OTR-decoding, instead of after. The plaintext of OTR messages can contain HTML-esque markup, so the output of the OTR decryption is what needs to be parsed for tags.
- Ian

From mangylj at gmail.com Sun Mar 18 08:24:39 2007
From: mangylj at gmail.com (Mange)
Date: Sun, 18 Mar 2007 13:24:39 +0100
Subject: [OTR-users] OTR HTML formatting problem using Miranda/Gaim/more?
In-Reply-To:
References: <20070317203900.GN31195@yoink.cs.uwaterloo.ca>
Message-ID:

Alright.. So the problem lies within the Miranda client or the Miranda otr-plugin?

> On 3/17/07, Ian Goldberg wrote:
> > On Sat, Mar 17, 2007 at 06:22:56PM +0100, Mange wrote:
> > > Does anyone else have this problem, and why does it exist? :]
> >
> > It seems that Miranda is doing HTML-parsing before OTR-decoding, instead
> > of after. The plaintext of OTR messages can contain HTML-esque markup,
> > so the output of the OTR decryption is what needs to be parsed for tags.
> >
> > - Ian

From ian at cypherpunks.ca Sun Mar 18 12:28:56 2007
From: ian at cypherpunks.ca (Ian Goldberg)
Date: Sun, 18 Mar 2007 12:28:56 -0400
Subject: [OTR-users] OTR HTML formatting problem using Miranda/Gaim/more?
In-Reply-To:
References: <20070317203900.GN31195@yoink.cs.uwaterloo.ca>
Message-ID: <20070318162856.GO31195@yoink.cs.uwaterloo.ca>

On Sun, Mar 18, 2007 at 01:24:39PM +0100, Mange wrote:
> Alright.. So the problem lies within the Miranda client or the Miranda
> otr-plugin?

Looks like it to me, though I can't tell which.

- Ian

From mail at scottellis.com.au Sun Mar 18 18:52:35 2007
From: mail at scottellis.com.au (Scott Ellis)
Date: Mon, 19 Mar 2007 09:52:35 +1100
Subject: [OTR-users] OTR HTML formatting problem using Miranda/Gaim/more?
In-Reply-To: <20070318162856.GO31195@yoink.cs.uwaterloo.ca>
References: <20070317203900.GN31195@yoink.cs.uwaterloo.ca> <20070318162856.GO31195@yoink.cs.uwaterloo.ca>
Message-ID: <96e269140703181552r36b9a87dp15e84c0c72ecca39@mail.gmail.com>

The miranda OTR plugin has the HTML removed from OTR messages, so that's not the issue.

The miranda AIM plugin removes HTML tags after decryption.

Perhaps your friend needs to update his AIM plugin?

From lostboy.public at gmail.com Sun Mar 18 22:59:35 2007
From: lostboy.public at gmail.com (Stephen Perdue)
Date: Mon, 19 Mar 2007 11:59:35 +0900
Subject: [OTR-users] Is Encryption Limited to Text?
Message-ID:

Greetings all,

Forgive what may seem a too obvious question. I read the OTR web page top to bottom, browsed the last year of the list archive, and scanned the less technical parts of the "Why Not To Use PGP" paper.

Can OTR handle any data that's passed through it (e.g. video chat, file transfer), or is it limited specifically to text chat?

The envisioned scenario is iChat + OTR proxy on an Intel MacBook at one end and Trillian Pro + OTR plug-in on WinXP at the other, but I'd welcome any insights outside those conditions as well.

While I'm at it, it looks like two people have reported issues running OTR Proxy on Intel MacBooks. Has anyone else had issues? Can anyone report smooth operation?

If OTR is not suitable, any other suggestions for reasonably private video chat? (I use Skype now but find it a bit flakey.) I have no expectation of selective attack, just everyday privacy concerns. I can live without deniability/forgeability since I'm certainly beneath the interest of anyone with the resources to convincingly forge video.

Thanks for reading my question,
Stephen Perdue

From ian at cypherpunks.ca Mon Mar 19 08:26:59 2007
From: ian at cypherpunks.ca (Ian Goldberg)
Date: Mon, 19 Mar 2007 08:26:59 -0400
Subject: [OTR-users] Is Encryption Limited to Text?
In-Reply-To:
References:
Message-ID: <20070319122659.GA958@thunk.cs.uwaterloo.ca>

On Mon, Mar 19, 2007 at 11:59:35AM +0900, Stephen Perdue wrote:
> Greetings all,
>
> Forgive what may seem a too obvious question. I read the OTR web
> page top to bottom, browsed the last year of the list archive, and
> scanned the less technical parts of the "Why Not To Use PGP" paper.
>
> Can OTR handle any data that's passed through it (e.g. video chat,
> file transfer), or is it limited specifically to text chat?
>
> The envisioned scenario is iChat + OTR proxy on an Intel MacBook at
> one end and Trillian Pro + OTR plug-in on WinXP at the other, but I'd
> welcome any insights outside those conditions as well.

At this time, OTR only protects your IM messages, not video or file transfer. I believe Paul's trying to get someone to work on file transfer, but I don't know of anyone working on video. The same mechanism (use OTR to generate session keys, and encrypt/MAC with them, publish the MAC key later) would work for both; you may want to rotate keys now and again for a long video chat. But I have no idea what the video chat API looks like, since AFAIK, gaim doesn't support it yet.

> While I'm at it, it looks two people have reported issues running OTR
> Proxy on Intel MacBooks. Has anyone else had issues? Can anyone
> report smooth operation?

Some people reported that the Motorola code had issues on Intel machines under emulation, but others found it fine. Somebody posted a link to a native Intel binary, though, if I remember correctly.

> If OTR is not suitable, any other suggestions for reasonably private
> video chat? (I use Skype now but find it a bit flakey.) I have no
> expectation of selective attack, just everyday privacy concerns. I
> can live without deniability/forgeability since I'm certainly beneath
> the interest of anyone with the resources to convincingly forge video.
Back In The Day (the 90's), I used vic for video chat, which supported at least some encryption (DES at the time). I bet you'd be hard-pressed to get it to still work today, though.

- Ian

From senatorfrog at gmail.com Mon Mar 19 16:00:46 2007
From: senatorfrog at gmail.com (Mark Senior)
Date: Mon, 19 Mar 2007 14:00:46 -0600
Subject: [OTR-users] Is Encryption Limited to Text?
In-Reply-To:
References:
Message-ID: <70f230c70703191300t510deae5ib215cf1e1ea1d51c@mail.gmail.com>

On 3/18/07, Stephen Perdue wrote:
> Can OTR handle any data that's passed through it (e.g. video chat,
> file transfer), or is it limited specifically to text chat?
>

You might want to check out zfone. It seems to work well with iChat voice & video chat. There's no iChat configuration needed for the proxy piece - it actually uses divert sockets at the firewall layer (which can lead to puzzling results if you have your own firewall script).

Note though that it's gratis but not libre - you have to jump through some silly hoops to get the download, source is unavailable, and the license doesn't let you redistribute.

Mark

From mangylj at gmail.com Mon Mar 19 17:31:29 2007
From: mangylj at gmail.com (Mang Ylj)
Date: Mon, 19 Mar 2007 22:31:29 +0100
Subject: [OTR-users] OTR HTML formatting problem using Miranda/Gaim/more?
In-Reply-To: <96e269140703181552r36b9a87dp15e84c0c72ecca39@mail.gmail.com>
References: <20070317203900.GN31195@yoink.cs.uwaterloo.ca> <20070318162856.GO31195@yoink.cs.uwaterloo.ca> <96e269140703181552r36b9a87dp15e84c0c72ecca39@mail.gmail.com>
Message-ID:

Well, I'm not using AIM at all, I'm using Jabber.

Are you certain that the Miranda OTR plugin removes all the HTML formatting from OTR messages? And why do you know this? :] It would mean that it would be impossible to send formatted text (for example colored or bold) across an OTR discussion.

On 3/18/07, Scott Ellis wrote:
>
> The miranda OTR plugin has the HTML removed from OTR messages, so that's
> not the issue.
>
> The miranda AIM plugin removes HTML tags after decryption.
>
> Perhaps your friend needs to update his AIM plugin?
>

From readytogo2 at freenet.de Tue Mar 20 08:17:13 2007
From: readytogo2 at freenet.de (readytogo2)
Date: Tue, 20 Mar 2007 13:17:13 +0100
Subject: [OTR-users] Is Encryption Limited to Text?
In-Reply-To: <20070319122659.GA958@thunk.cs.uwaterloo.ca>
References: <20070319122659.GA958@thunk.cs.uwaterloo.ca>
Message-ID: <45FFD0C9.6060708@freenet.de>

Ian Goldberg wrote:
> At this time, OTR only protects your IM messages, not video or file
> transfer. I believe Paul's trying to get someone to work on file
> transfer, but I don't know of anyone working on video. The same
> mechanism (use OTR to generate session keys, and encrypt/MAC with them,
> publish the MAC key later) would work for both; you may want to rotate
> keys now and again for a long video chat. But I have no idea what the
> video chat API looks like, since AFAIK, gaim doesn't support it yet.

Video chat is not that important (just right now!) imho. But files and also voice are!

There is currently really no way to have encrypted pc to pc calls for everyone (Ok, there is Zfone but it is still beta. Beta means really beta, it's not working very well.). That's really sad.

For everyone means - works for most important operating systems such as windows and linux, decent and out of the box like gaim/otr.

From mail at scottellis.com.au Thu Mar 22 02:08:58 2007
From: mail at scottellis.com.au (Scott Ellis)
Date: Thu, 22 Mar 2007 17:08:58 +1100
Subject: Fwd: [OTR-users] OTR HTML formatting problem using Miranda/Gaim/more?
In-Reply-To: <96e269140703211528y60c3c686g1bfd9b7c94f88a9f@mail.gmail.com>
References: <20070318162856.GO31195@yoink.cs.uwaterloo.ca> <96e269140703181552r36b9a87dp15e84c0c72ecca39@mail.gmail.com> <96e269140703191617h2af85e1fod68cd6c46610ab1c@mail.gmail.com> <96e269140703201515y66935b78r96c3083d9656c37a@mail.gmail.com> <96e269140703211528y60c3c686g1bfd9b7c94f88a9f@mail.gmail.com>
Message-ID: <96e269140703212308m5b859074j1edeefe2eae54f44@mail.gmail.com>

---------- Forwarded message ----------
From: Scott Ellis
Date: Mar 22, 2007 9:28 AM
Subject: Re: [OTR-users] OTR HTML formatting problem using Miranda/Gaim/more?
To: Mange

"He is using the AOL protocol, while I'm using Jabber, so it does not seem to be a problem with the protocol."

Sorry, that sentence from your first post confused me :)

I have forwarded your query to the miranda jabber dev.

From mail at scottellis.com.au Thu Mar 22 02:09:14 2007
From: mail at scottellis.com.au (Scott Ellis)
Date: Thu, 22 Mar 2007 17:09:14 +1100
Subject: Fwd: [OTR-users] OTR HTML formatting problem using Miranda/Gaim/more?
In-Reply-To: <96e269140703212307s32f3012g48d17fa67f5739b6@mail.gmail.com>
References: <20070318162856.GO31195@yoink.cs.uwaterloo.ca> <96e269140703181552r36b9a87dp15e84c0c72ecca39@mail.gmail.com> <96e269140703191617h2af85e1fod68cd6c46610ab1c@mail.gmail.com> <96e269140703201515y66935b78r96c3083d9656c37a@mail.gmail.com> <96e269140703211528y60c3c686g1bfd9b7c94f88a9f@mail.gmail.com> <96e269140703212307s32f3012g48d17fa67f5739b6@mail.gmail.com>
Message-ID: <96e269140703212309y7152e08cpf6bb657a7faae28f@mail.gmail.com>

His response was:

"It's still a problem of the GAIM's OTR plugin ;-P"

You will generally only notice such problems on Miranda, since Gaim supports HTML in the message windows, whereas Miranda does not.
As far as I know, even the Jabber protocol specification does not
support HTML entities in messages - only AIM does - so Gaim should be
removing these entities before sending the messages (as it does when
OTR is not used).

From mangylj at gmail.com  Thu Mar 22 05:38:07 2007
From: mangylj at gmail.com (Mange)
Date: Thu, 22 Mar 2007 10:38:07 +0100
Subject: [OTR-users] OTR HTML formatting problem using Miranda/Gaim/more?
In-Reply-To: <96e269140703212307s32f3012g48d17fa67f5739b6@mail.gmail.com>
References: <20070318162856.GO31195@yoink.cs.uwaterloo.ca>
	<96e269140703181552r36b9a87dp15e84c0c72ecca39@mail.gmail.com>
	<96e269140703191617h2af85e1fod68cd6c46610ab1c@mail.gmail.com>
	<96e269140703201515y66935b78r96c3083d9656c37a@mail.gmail.com>
	<96e269140703211528y60c3c686g1bfd9b7c94f88a9f@mail.gmail.com>
	<96e269140703212307s32f3012g48d17fa67f5739b6@mail.gmail.com>
Message-ID:

Hugabuga? :]

I'm seriously confused now.

The guy on the Gaim buglist said:

"Yes, I believe I have seen this before, and that is why I asked about
third-party plugins. Try unloading OTR, and see if the problem is fixed.
If it is, you can take it up with the OTR people.

Ethan"

But if I've understood things right, now the conclusion is:
The problem *is* with the Gaim -client-. Not with the Gaim OTR plugin,
not with Miranda or with the Miranda plugin?

The Gaim client should strip HTML entities from any Jabber message
before it encrypts the message with OTR, and it does not..?
But Gaim *does* strip the HTML properly when OTR is not used...?

(0_o)

On 3/22/07, Scott Ellis wrote:
> Hi response was:
>
> "It's still a problem of the GAIM's OTR plugin ;-P"
>
> You will generally only notice such problems on Miranda, since Gaim supports HTML in the message windows, whereas Miranda does not.
> As far as I know, even the Jabber protocol specification does not support HTML entities in messages - only AIM does - so Gaim should be removing these entities before sending the messages (as it does when OTR is not used).
>

From mail at scottellis.com.au  Thu Mar 22 08:09:52 2007
From: mail at scottellis.com.au (Scott Ellis)
Date: Thu, 22 Mar 2007 23:09:52 +1100
Subject: [OTR-users] OTR HTML formatting problem using Miranda/Gaim/more?
In-Reply-To:
References: <96e269140703181552r36b9a87dp15e84c0c72ecca39@mail.gmail.com>
	<96e269140703191617h2af85e1fod68cd6c46610ab1c@mail.gmail.com>
	<96e269140703201515y66935b78r96c3083d9656c37a@mail.gmail.com>
	<96e269140703211528y60c3c686g1bfd9b7c94f88a9f@mail.gmail.com>
	<96e269140703212307s32f3012g48d17fa67f5739b6@mail.gmail.com>
Message-ID: <96e269140703220509o5da246dbx9bf992fc876e0f26@mail.gmail.com>

yeah, you have to try to convince everyone to have a look :)

i only know that the problem is not with the miranda OTR plugin - since
it does provide an opportunity for protocol plugins to remove HTML tags,
and this is tried and tested with the implementation used by the
miranda AIMOSCAR plugin

i am tempted to trust the miranda Jabber plugin dev, as i've worked
with him a few times and trust his judgement. he is also the head
developer of the miranda project

the job of the gaim OTR plugin is pretty simple - so my guess is that
the problem is with the gaim client :)

with miranda AIM, the plugin needs to access the messages twice - the
protocol handles the network communications and so has to read the
message, and then pass it through OTR - then it needs to get the
message again to strip HTML before passing it on to the user. the
reverse happens when sending

i don't believe the jabber plugin for miranda does that, because i
think HTML entities in messages are outside of the jabber protocol
specification (someone please correct me if i'm wrong). so the gaim
client should be stripping them before passing them to OTR when sending.
i would guess that even if they are allowed, they would need to be
encoded in some way to appear in the XML that jabber uses - which needs
to be done before encryption - and that's not happening if you're
seeing them in miranda (since miranda is not decoding them).

On 3/22/07, Mange wrote:
>
> Hugabuga? :]
>
> I'm seriously confused now.
>
> The guy on the Gaim buglist said:
>
> "Yes, I believe I have seen this before, and that is why I asked about
> third-party plugins. Try unloading OTR, and see if the problem is fixed.
> If it is, you can take it up with the OTR people.
>
> Ethan"
>
> But if I've understood things right, now the conclusion is:
> The problem *is* with the Gaim -client-. Not with the Gaim OTR plugin,
> not with Miranda or with the Miranda plugin?
>
> The Gaim client should strip HTML entities from any Jabber message
> before it encrypts the message with OTR, and it does not..?
> But Gaim *does* strip the HTML properly when OTR is not used...?
>
> (0_o)
>
> On 3/22/07, Scott Ellis wrote:
> > Hi response was:
> >
> > "It's still a problem of the GAIM's OTR plugin ;-P"
> >
> > You will generally only notice such problems on Miranda, since Gaim
> > supports HTML in the message windows, whereas Miranda does not. As far as I
> > know, even the Jabber protocol specification does not support HTML entities
> > in messages - only AIM does - so Gaim should be removing these entities
> > before sending the messages (as it does when OTR is not used).
> >
>

From ian at cypherpunks.ca  Thu Mar 22 10:25:26 2007
From: ian at cypherpunks.ca (Ian Goldberg)
Date: Thu, 22 Mar 2007 10:25:26 -0400
Subject: [OTR-users] OTR HTML formatting problem using Miranda/Gaim/more?
In-Reply-To: <96e269140703220509o5da246dbx9bf992fc876e0f26@mail.gmail.com>
References: <96e269140703181552r36b9a87dp15e84c0c72ecca39@mail.gmail.com>
	<96e269140703191617h2af85e1fod68cd6c46610ab1c@mail.gmail.com>
	<96e269140703201515y66935b78r96c3083d9656c37a@mail.gmail.com>
	<96e269140703211528y60c3c686g1bfd9b7c94f88a9f@mail.gmail.com>
	<96e269140703212307s32f3012g48d17fa67f5739b6@mail.gmail.com>
	<96e269140703220509o5da246dbx9bf992fc876e0f26@mail.gmail.com>
Message-ID: <20070322142526.GE23856@thunk.cs.uwaterloo.ca>

On Thu, Mar 22, 2007 at 11:09:52PM +1100, Scott Ellis wrote:
> i don't believe the jabber plugin for miranda does that, because i think
> HTML entities in messages are outside of the jabber protocol specification
> (someone please correct me if i'm wrong). so the gaim client should be
> stripping them before passing them to OTR when sending. i would guess that
> even if they are allowed, they would need to be encoded in some way to
> appear in the XML that jabber uses - which needs to be done before
> encryption - and that's not happening if you're seeing them in miranda
> (since miranda is not decoding them).

Here's what's happening:

- Jabber messages are composed of two parts: a "marked up" part
  (optional) with all the usual HTML bold, font, etc. tags, and a
  "plain" part (mandatory) with all that stuff stripped.

- Gaim will strip HTML tags from the message the user composes, and put
  the result in the "plain" part, and the original message in the
  "marked up" part.

- When OTR is in use, gaim passes the marked up text to OTR for
  encryption. OTR outputs the ciphertext, which has no markup. *This
  is according to the OTR spec, which says that the plaintext of
  messages can have HTML markup in it.* So the same ciphertext gets put
  in both the "marked up" and "plain" parts of the Jabber message.

- Miranda only looks at the "plain" part, and (rightly) doesn't expect
  it to contain markup.
  It passes the ciphertext to OTR for decryption, but then fails to
  take into account that OTR plaintext *is* allowed to contain markup.
  If it really doesn't want to display the markup, it'll need to use
  the same function the Miranda AIM plugin uses to remove the markup
  from the plaintext before displaying it.

So it seems the solution is for the Miranda OTR plugin to strip HTML
tags from the decrypted plaintext for those protocols that don't want to
handle them; from what I understand, it already does that for AIM (with
the cooperation of the AIM plugin), so either convince the Jabber plugin
to do the same thing, or just have the OTR plugin automatically do it.

Hope that clears things up,

   - Ian

From mail at scottellis.com.au  Thu Mar 22 11:58:06 2007
From: mail at scottellis.com.au (Scott Ellis)
Date: Fri, 23 Mar 2007 02:58:06 +1100
Subject: [OTR-users] OTR HTML formatting problem using Miranda/Gaim/more?
In-Reply-To: <20070322142526.GE23856@thunk.cs.uwaterloo.ca>
References: <96e269140703181552r36b9a87dp15e84c0c72ecca39@mail.gmail.com>
	<96e269140703191617h2af85e1fod68cd6c46610ab1c@mail.gmail.com>
	<96e269140703201515y66935b78r96c3083d9656c37a@mail.gmail.com>
	<96e269140703211528y60c3c686g1bfd9b7c94f88a9f@mail.gmail.com>
	<96e269140703212307s32f3012g48d17fa67f5739b6@mail.gmail.com>
	<96e269140703220509o5da246dbx9bf992fc876e0f26@mail.gmail.com>
	<20070322142526.GE23856@thunk.cs.uwaterloo.ca>
Message-ID: <96e269140703220858r419854bbpc39e1e11b2e2eb33@mail.gmail.com>

Nope :)

I posted on the dev list.

From mangylj at gmail.com  Thu Mar 22 15:08:13 2007
From: mangylj at gmail.com (Mange)
Date: Thu, 22 Mar 2007 20:08:13 +0100
Subject: [OTR-users] OTR HTML formatting problem using Miranda/Gaim/more?
In-Reply-To: <96e269140703220858r419854bbpc39e1e11b2e2eb33@mail.gmail.com>
References: <96e269140703181552r36b9a87dp15e84c0c72ecca39@mail.gmail.com>
	<96e269140703201515y66935b78r96c3083d9656c37a@mail.gmail.com>
	<96e269140703211528y60c3c686g1bfd9b7c94f88a9f@mail.gmail.com>
	<96e269140703212307s32f3012g48d17fa67f5739b6@mail.gmail.com>
	<96e269140703220509o5da246dbx9bf992fc876e0f26@mail.gmail.com>
	<20070322142526.GE23856@thunk.cs.uwaterloo.ca>
	<96e269140703220858r419854bbpc39e1e11b2e2eb33@mail.gmail.com>
Message-ID:

Well, alright.. I sort of understood 4/9 of all that, but I suppose
it's a cracking issue now. :]

Ty for all the info and help.

From kiki9 at gmx.net  Wed Mar 28 15:54:36 2007
From: kiki9 at gmx.net (Franz Bayer)
Date: Wed, 28 Mar 2007 21:54:36 +0200
Subject: [OTR-users] Authentication question
Message-ID: <20070328195436.121960@gmx.net>

hi,

is there a way to make sure that the one im chatting with is really
the person i want to talk to? how to find out if someone other than
him is sitting at his pc?

with pgp or gnupg i can be sure cause only he can enter the right
private key password. is there a password or something like this in
otr too?

also i have seen that the private key is stored in /home/me/.gaim just
in clear text format. is this a security risk? how often is it changed
(in case of trojan e.g.) ?

thanks for answers!

greets
kiki9

From ian at cypherpunks.ca  Wed Mar 28 18:26:52 2007
From: ian at cypherpunks.ca (Ian Goldberg)
Date: Wed, 28 Mar 2007 18:26:52 -0400
Subject: [OTR-users] Authentication question
In-Reply-To: <20070328195436.121960@gmx.net>
References: <20070328195436.121960@gmx.net>
Message-ID: <20070328222652.GR5791@yoink.cs.uwaterloo.ca>

On Wed, Mar 28, 2007 at 09:54:36PM +0200, Franz Bayer wrote:
> hi,
>
> is there a way to make sure that the one im chatting with is really
> the person i want to talk to?
> how to find out if someone other than
> him is sitting at his pc?
>
> with pgp or gnupg i can be sure cause only he can enter the right
> private key password. is there a password or something like this in
> otr too?
>
> also i have seen that the private key is stored in /home/me/.gaim just
> in clear text format. is this a security risk? how often is it changed
> (in case of trojan e.g.) ?

Right now, it's assumed that your computer is secure from things like
trojans. If it's not, you're hosed no matter what you do. Changing or
encrypting keys can't protect you.

Optionally encrypting the otr files is something we're thinking about,
but it has to be optional, and off by default.

Without serious client-side support like proximity sensors and RFID
tags, you're unlikely to be able to tell when the "real" user wanders
away from his machine, and someone else wanders up to it, of course. ;-)

   - Ian

From metal_gandalf at web.de  Fri Mar 30 10:19:02 2007
From: metal_gandalf at web.de (Bastian Modauer)
Date: Fri, 30 Mar 2007 16:19:02 +0200
Subject: [OTR-users] Miranda-OTR-Plugin and ICQ-OTR-Proxy?
Message-ID: <638558906@web.de>

hey @ all

i have two icq-accounts:
one is running with miranda + otr-plugin on my laptop.
the other is running on my pc with icq 5.1 + otr-proxy.

if i want to start a private connection with these both accounts,
i only get a failure-message.
if i now run the first account with icq 5.1 + otr-proxy too,
the private connections works fine.

icq + proxy <---> icq + proxy = works
miranda + plugin <---> miranda + plugin = works
icq + proxy <---> miranda + plugin = doesn't work

it seems like the otr-proxy for icq and the otr-plugin for miranda
aren't compatible?!
or am i just doing something wrong?

now i have to run miranda with the otr-proxy, although there is a smart plugin for it?!?!?
i mean the otr-plugin for miranda is much easier to install and run than the otr-proxy,
where i have to set the proxy and let the otr-proxy-window open (or minimized in the taskbar).

(miranda-plugin: http://addons.miranda-im.org/details.php?action=viewfile&id=2644
otr-proxy is from the cypherpunks-homepage)

it's really annoying...
i hope that somebody can help me or just give me the reason why it doesn't work :(

From marti at juffo.org  Fri Mar 30 19:28:20 2007
From: marti at juffo.org (Marti Raudsepp)
Date: Sat, 31 Mar 2007 02:28:20 +0300
Subject: [OTR-users] Miranda-OTR-Plugin and ICQ-OTR-Proxy?
In-Reply-To: <638558906@web.de>
References: <638558906@web.de>
Message-ID: <2a12af650703301628o425f3993j28a157beb35693ba@mail.gmail.com>

On 3/30/07, Bastian Modauer wrote:
> it seems like the otr-proxy for icq and the otr-plugin for miranda
> aren't compatible?!

Should work by all means.

> if i want to start a private connection with these both accounts,
> i only get a failure-message.

Well, what's the message?

Marti

From metal_gandalf at web.de  Fri Mar 30 22:37:57 2007
From: metal_gandalf at web.de (Bastian Modauer)
Date: Sat, 31 Mar 2007 04:37:57 +0200
Subject: [OTR-users] Miranda-OTR-Plugin and ICQ-OTR-Proxy?
Message-ID: <639281218@web.de>

>> it seems like the otr-proxy for icq and the otr-plugin for miranda
>> aren't compatible?!

> Should work by all means.

>> if i want to start a private connection with these both accounts,
>> i only get a failure-message.

> Well, what's the message?

type a message in miranda's conversation-window ("test" or something else) and send it,
then it appears in icq 5.1, but the otr-proxy at the icq-pc doesn't show any private connection.
so i think this message isn't encrypted.

type a message in icq's conversation-window and send it,
then it appears in miranda, but in icq it throws a message like this:
"?OTR:AAICAAAAxElr3FDowie0iaHsxQKuNUhunCZmgrk3t7SNrTH6G49nPIoWKnzJYDL6JY7t8wjgDyVTTt5Y52zFjN2v0w7ImX6agI3ll/CX8Coj7e/iH2//QUQPIxhkVCzYGIYznmXqUCPO9GD10rMc9HINTn+IShNC7lsIJEBjdeRST08f6YAHB8dJ9PgiMr0DNcTesUDmOCHqfYpX6EB9Pm1yB6cSvYAo516vIEOL18/iNF9bvITnfMQ9Ae2CExG8r5sSPOkkOP0CjwoAAAAgZFO8xkhzzjU8G13EJjDAHqz4bAuiqGgcQP8p7LIJyJw=."

the same behaviour, when i doubleclick the miranda-contact-number in the otr-proxy-window
at the icq-pc and click "start private connection".

miranda's otr-plugin is set to "opportunistic".
icq's otr-proxy is set to "enable private messaging" and "automatically initiate..."
(i think it's the same as opportunistic?!)

i have tried to disable "automatically...". the messages aren't encrypted (so it's just a
normal dialog) and when i click on "start private connection" it throws this "?OTR:..." again.

From ian at cypherpunks.ca  Sat Mar 31 19:18:18 2007
From: ian at cypherpunks.ca (Ian Goldberg)
Date: Sat, 31 Mar 2007 19:18:18 -0400
Subject: [OTR-users] Miranda-OTR-Plugin and ICQ-OTR-Proxy?
In-Reply-To: <639281218@web.de>
References: <639281218@web.de>
Message-ID: <20070331231818.GF5791@yoink.cs.uwaterloo.ca>

On Sat, Mar 31, 2007 at 04:37:57AM +0200, Bastian Modauer wrote:
> >> it seems like the otr-proxy for icq and the otr-plugin for miranda
> >> aren't compatible?!
>
> > Should work by all means.
>
> >> if i want to start a private connection with these both accounts,
> >> i only get a failure-message.
>
> > Well, what's the message?
>
> type a message in miranda's conversation-window ("test" or something else) and send it,
> then it appears in icq 5.1, but the otr-proxy at the icq-pc doesn't show any private connection.
> so i think this message isn't encrypted.
>
> type a message in icq's conversation-window and send it,
> then it appears in miranda, but in icq it throws a message like this:
> "?OTR:AAICAAAAxElr3FDowie0iaHsxQKuNUhunCZmgrk3t7SNrTH6G49nPIoWKnzJYDL6JY7t8wjgDyVTTt5Y52zFjN2v0w7ImX6agI3ll/CX8Coj7e/iH2//QUQPIxhkVCzYGIYznmXqUCPO9GD10rMc9HINTn+IShNC7lsIJEBjdeRST08f6YAHB8dJ9PgiMr0DNcTesUDmOCHqfYpX6EB9Pm1yB6cSvYAo516vIEOL18/iNF9bvITnfMQ9Ae2CExG8r5sSPOkkOP0CjwoAAAAgZFO8xkhzzjU8G13EJjDAHqz4bAuiqGgcQP8p7LIJyJw=."

It sounds like the otr proxy isn't recognizing the message on the wire.
I suppose it's possible that the ICQ protocol has changed (I know gaim
recently split the AIM and ICQ protocols, which used to be the same).
But you say OTR works with icq+proxy <-> icq+proxy, so that doesn't seem
right either.

It definitely sounds like the problem is on the icq+proxy end, though,
and not the Miranda+plugin end. You're positive you've got the icq
program configured correctly to talk to the proxy?

[Here's an easy way to check: when you're logged into ICQ via the proxy,
kill the proxy program. Your ICQ program should complain that you've
been disconnected. If it doesn't, icq wasn't configured to talk to the
proxy.]

And just to be sure, you're using otrproxy version 0.3.1, right? Not
0.3.0 or 0.2.x?

   - Ian
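
An added illustration, not part of any message in this thread and not code from libotr or otrproxy: a raw "?OTR:" string in a chat window can be identified by decoding its header, which helps show which side failed to intercept it. The type table covers OTR protocol version 2 only; the function names and the all-zero sample are constructed for this example, and PAGE_PREFIX is just the first 12 base64 characters of the message quoted above, which decode to version 2, type 0x02 (a D-H Commit, the first key-exchange message).

```python
import base64
import struct

PREFIX = "?OTR:"
# Message type bytes defined by OTR protocol version 2.
V2_TYPES = {0x02: "D-H Commit", 0x0A: "D-H Key", 0x11: "Reveal Signature",
            0x12: "Signature", 0x03: "Data"}
# First 12 base64 characters of the message quoted in the thread above.
PAGE_PREFIX = "?OTR:AAICAAAAxElr"


def decode_body(text):
    """Return the raw bytes of an encoded OTR message, or None if there is none."""
    start = text.find(PREFIX)
    if start < 0:
        return None
    b64 = text[start + len(PREFIX):].split(".", 1)[0].strip()
    b64 = b64[:len(b64) - len(b64) % 4]  # tolerate a copy cut off mid-group
    try:
        return base64.b64decode(b64, validate=True)
    except ValueError:
        return None


def read_data(buf, off):
    """Read one DATA field: 4-byte big-endian length, then that many bytes.

    Returns (declared_length, fully_present, next_offset)."""
    if off + 4 > len(buf):
        return None, False, off
    (n,) = struct.unpack_from(">I", buf, off)
    return n, off + 4 + n <= len(buf), off + 4 + n


def inspect_otr(text):
    """Describe an encoded OTR message: version, type and, for a v2
    D-H Commit, the declared lengths of its two DATA fields."""
    raw = decode_body(text)
    if raw is None or len(raw) < 3:
        return None
    version, mtype = struct.unpack_from(">HB", raw, 0)
    name = V2_TYPES.get(mtype, "unknown") if version == 2 else "unknown"
    info = {"version": version, "type": name, "fields": []}
    if version == 2 and mtype == 0x02:
        off = 3
        for field in ("encrypted g^x", "hashed g^x"):
            n, whole, off = read_data(raw, off)
            if n is None:
                break
            info["fields"].append((field, n, whole))
            if not whole:
                break
    return info


def constructed_commit():
    """Constructed sample: a v2 D-H Commit whose field contents are all zero."""
    raw = struct.pack(">HB", 2, 0x02)
    raw += struct.pack(">I", 196) + bytes(196)
    raw += struct.pack(">I", 32) + bytes(32)
    return PREFIX + base64.b64encode(raw).decode("ascii") + "."


if __name__ == "__main__":
    for sample in (PAGE_PREFIX, constructed_commit(), "test"):
        print(sample[:24], "->", inspect_otr(sample))
```

A D-H Commit appearing as visible text on the ICQ side means the peer started a key exchange and nothing on the receiving path consumed it, which matches the diagnosis that the proxy end is not seeing the message.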