From otr@spectralmud.org Mon Jun 2 03:37:05 2008 From: otr@spectralmud.org (Richard Salts) Date: Mon, 2 Jun 2008 12:37:05 +1000 Subject: [OTR-users] OTR and multiple locations Message-ID: <200806021237.06034.otr@spectralmud.org> I leave my jabber account logged on with 2 resources, one at home and one at work. Whenever someone tries to send me an otr message and initiate a secure conversation it causes a loop between both clients answering with different public keys. The conversation window looks something like this: (18:53:13) Error setting up private conversation: Malformed message received (18:53:13) We received an unreadable encrypted message from teamplayer@blatantporn.com. (18:53:15) Error setting up private conversation: Malformed message received (18:53:15) We received an unreadable encrypted message from teamplayer@blatantporn.com. (18:53:17) Error setting up private conversation: Malformed message received (18:53:18) We received an unreadable encrypted message from teamplayer@blatantporn.com. (18:53:21) Attempting to refresh the private conversation with teamplayer@blatantporn.com/GaimB6EB6B1E... (18:53:22) Error setting up private conversation: Malformed message received I'm wondering the best workaround for this. From gdt@ir.bbn.com Mon Jun 2 13:57:07 2008 From: gdt@ir.bbn.com (Greg Troxel) Date: Mon, 02 Jun 2008 08:57:07 -0400 Subject: [OTR-users] OTR and multiple locations In-Reply-To: <200806021237.06034.otr@spectralmud.org> (Richard Salts's message of "Mon, 2 Jun 2008 12:37:05 +1000") References: <200806021237.06034.otr@spectralmud.org> Message-ID: I leave my jabber account logged on with 2 resources, one at home and one at work. Whenever someone tries to send me an otr message and initiate a secure conversation it causes a loop between both clients answering with different public keys. The conversation window looks something like this: I'm wondering the best workaround for this. Log out of the one you are not at. Back when I was young, we had to share VT52s, and we logged out when we were done! From js-otrim@webkeks.org Mon Jun 2 14:57:29 2008 From: js-otrim@webkeks.org (Jonathan Schleifer) Date: Mon, 2 Jun 2008 15:57:29 +0200 Subject: [OTR-users] OTR and multiple locations In-Reply-To: <200806021237.06034.otr@spectralmud.org> References: <200806021237.06034.otr@spectralmud.org> Message-ID: <20080602155729.2103a437@webkeks.org> --Sig_/Wyem3F+QyamA_rwha3e+7KQ Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Fix your resource priorities. Or tell the user to explicitly send to one resource. Auto-adjusting the resource priority to the status is a good idea and nearly every client supports that. In Jabber, a message always gets to the highest resource when sent to the bare JID. If there is no highest resource because for example two habe the same, it is sent to all that share the highest resource. For example, A is 50, B is 50 and C is 30, A and B will get the message when sent to the bare JID. --=20 Jonathan --Sig_/Wyem3F+QyamA_rwha3e+7KQ Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- iQIcBAEBAwAGBQJIQ/xNAAoJEMtRg9d5cXHkTGYP/RBsvfyIoeTL2WaNtAlyQ67M RJzZTHSoNIpGkS58atsUhuz7qgu3IvUVsSlECDWnYvt1d+1nsn5/e8pwpBSzyWD0 pmtqdXZPVC7nR1EeZYOFiAhyKLKpMvMzPVQrC5Iqeh1IV6TYt/cfWtsAgf86USf0 ZBEZG74o0MeG9kYmtDIgkc6umT2+zEL/6B97LL6ayMKuosFyhK0TYxhMqLzei896 9OHxfWzz/iIojpqunR34CthZE9apK2o2mDw8fBPOsWPG2a17Bn8lAJu+Vm7O4rZF zHOW9+4qebGTbISOUy9EP6LMmQjvBVyBWRZ3hFuOi3T4Z8AzpZScWUDEK7RcpT+b rkKbVDwAoBkffAVAsYsyfhmV0su6VLsiCQaHEqvL5H/c5nKT3zURbH07saGF/Nfu 0gsmLCBcEsPl3kTmSEPhsakf2RBnjIEqYBI2CKMgurT/m55IlghySem0Gheo/kdY oQcx6WrpzteUA61uqV8gOIbKJ3dQ3CSdlGTrVBdTRholsBu+Ymli8/ZVoHepGu8Z sMGYBWmEl6r13DoSOXcqNb7gY5nuMPxZPIAdpAHjkU49/c/jpbiJkwyMNvFd580g ViP3b2jdcBGU3n+HF73NKjlewfQLW1dbGpqm14IE6Zs7v/WCpJW6yug5OLUQAnKZ a3TRErEprON0KX6899/0 =A8Bk -----END PGP SIGNATURE----- --Sig_/Wyem3F+QyamA_rwha3e+7KQ-- From alexander.buchner@gmx.de Mon Jun 2 17:27:51 2008 From: alexander.buchner@gmx.de (Alexander Buchner) Date: Mon, 02 Jun 2008 18:27:51 +0200 Subject: [OTR-users] OTR and multiple locations In-Reply-To: <20080602155729.2103a437@webkeks.org> References: <200806021237.06034.otr@spectralmud.org> <20080602155729.2103a437@webkeks.org> Message-ID: <48441F87.6020205@gmx.de> This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig4CA72C0B96319AE1F6AE8E01 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: quoted-printable Jonathan Schleifer wrote: > Fix your resource priorities. Or tell the user to explicitly send to > one resource. Auto-adjusting the resource priority to the status is a > good idea and nearly every client supports that. > In Jabber, a message always gets to the highest resource when sent to > the bare JID. If there is no highest resource because for example two > habe the same, it is sent to all that share the highest resource. For > example, A is 50, B is 50 and C is 30, A and B will get the message > when sent to the bare JID. >=20 Couldn't he just use the same key at both places? --=20 Mein =C3=B6ffentlicher PGP-Key: http://www.rzuser.uni-heidelberg.de/~abuchner/pgp.asc --------------enig4CA72C0B96319AE1F6AE8E01 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQIcBAEBAgAGBQJIRB+OAAoJEByY8i5PPbAiGCYQAJ3i+Xl7w0bAVW99twuFyIL+ 8DLusn4Tmmgokna0Yz6SpI785i/Je2PKBkQehChOTLCKsww5XCNIQ/Jhzj9C8AMd JIErgMuv1l5cWx96WavocWNewn2BAS+/may02M2LG1lydAN9Q4skL40+wPqKixoC QX4KZXHGky1AHsDq3nDdeuvhm/4iEQQPWSb0d5R0WPpOMMKXDr/qOA348WBsAroL lNugo9yWoXCtGp4gpPMvwhqviUJ8OlggDEu/cFHx68z3rx3kShlnBI/FQmTDctP4 Ojg1RiHN/XAiCortU0xY/MP2b9RZR5ASFBsUT2VcVYZDdNWOaLSTGjklYwmbBSRl dQdbLFbGkxxgg/C3CDu58ir4INBHyEfQ91YYrTT4SusiTR06REPt62Yq1zBoWFN8 c0aOrAtBwYaoMgj5Z055lS3JDk3Tw82GqXQM6S55cu5C2v+yHTCnupHjx7WST0X+ 3NcqzHcBCdQ7DrvCf08+kXb+POuxXPbUmNIqpZgN1MjvTkI4tgG6QgTQh7X5Qm8D dCrEbAAJSr63SVy7ZqSm0zzCwcGYguC1U8mxcXhYwHpaAz+Ytv1OnBUxCcqqeqem 9N5kMvwVuKRgPpoVM56MKEwotTYEOAoTgaPz8Ig14TBZdrzmUtjHPrmUKwke5n7Y 4a65AUEicI4nVyet1qXq =V+M1 -----END PGP SIGNATURE----- --------------enig4CA72C0B96319AE1F6AE8E01-- From js-otrim@webkeks.org Mon Jun 2 18:20:46 2008 From: js-otrim@webkeks.org (Jonathan Schleifer) Date: Mon, 2 Jun 2008 19:20:46 +0200 Subject: [OTR-users] OTR and multiple locations In-Reply-To: <48441F87.6020205@gmx.de> References: <200806021237.06034.otr@spectralmud.org> <20080602155729.2103a437@webkeks.org> <48441F87.6020205@gmx.de> Message-ID: <20080602192046.1335ad9e@webkeks.org> --Sig_/p4nCTcRvqCNP+Xw5Pxa_6lV Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Alexander Buchner wrote: > Couldn't he just use the same key at both places? No, because OTR is a state machine. The other client wouldn't expect encrypted data. --=20 Jonathan --Sig_/p4nCTcRvqCNP+Xw5Pxa_6lV Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- iQIcBAEBAwAGBQJIRCvxAAoJEMtRg9d5cXHkuUUP/05dbtMwlx7SG2IXUI9Q3NIs zcrZ6A7+3zcLIIRR/S1Q8oxtIz8apqLc2PvO6j8NiHHxCgH4fFAPOhMi6yp757yT r3jJKF0RxQJUnM7VNw1NCxBB6EThGWH1rkaUaU4H5TQ1ohrLfhL2JhzkbFqhS/u1 Fmw0pl9lBW77EGDHzrplhseIvTWZkHUIgsXoL84lAr30fpjLrLwCXsI001zOjXRi F42tOADUSUrewmPqlzwafQK78RlVZv8kaK2e9yhNj0H0ZfEd4faJM2+l/F9RzNOA 9miwsjpyoWfDv8U9SYqn+I8/0fsw+fREXFoMl34tvLdlhZJWRt8SMhnutMee8gj0 GuMmWUeza+822jhnddnyC3AkZejBPx7e2FeGJU/Ft1bFtOiinrHrtNFChQDAPmus KZug1lXWjvGlkCvoX1z2OjwmcIp9ROt6vvljY73nNKUyPlfym5d1HW8EJc84enma DsPEzT6B4ISmqJR+Qw5nxPhRaumadteFQKPGJxa54FZcWdsmm3AgGw5pmnztd0hG y/pznbqmWa1dVPxPIV1p1qaVJEM2vhpyVFSWGBITIWleXHB1Qfeqcm7pkOeG4dQA UFKFpRp7/Vhl/6+mG5eRm0WaJ6RYjl6T57hy88/hFXkIsV4ppH14+32HsnhiDSBH VRD+B/OPPzk9lMIbTWCj =cl2N -----END PGP SIGNATURE----- --Sig_/p4nCTcRvqCNP+Xw5Pxa_6lV-- From ian@cypherpunks.ca Tue Jun 3 13:48:30 2008 From: ian@cypherpunks.ca (Ian Goldberg) Date: Tue, 3 Jun 2008 08:48:30 -0400 Subject: [OTR-users] OTR and multiple locations In-Reply-To: <20080602192046.1335ad9e@webkeks.org> References: <200806021237.06034.otr@spectralmud.org> <20080602155729.2103a437@webkeks.org> <48441F87.6020205@gmx.de> <20080602192046.1335ad9e@webkeks.org> Message-ID: <20080603124830.GE28058@thunk.cs.uwaterloo.ca> On Mon, Jun 02, 2008 at 07:20:46PM +0200, Jonathan Schleifer wrote: > Alexander Buchner wrote: > > > Couldn't he just use the same key at both places? > > No, because OTR is a state machine. The other client wouldn't expect > encrypted data. Not to mention that the "shared key" would only be a shared authentication key. For security and privacy reasons, encryption keys are extremely short-lived, and never stored on disk at all, let alone shared. This all having been said, the "multiple logins" problem is one that's been bothering us for a really long time, and I'm happy to say that we've now got someone working on fixing exactly that issue. It won't be in the (imminent) 3.2.0 release, but will almost certainly be in v4. - Ian From paul@cypherpunks.ca Mon Jun 9 04:24:03 2008 From: paul@cypherpunks.ca (Paul Wouters) Date: Sun, 8 Jun 2008 23:24:03 -0400 (EDT) Subject: [OTR-users] OTR with PortableApps.com Pidgin In-Reply-To: <4832A38D.3070802@rant-central.com> References: <3869c3f00805200030m2855fc09l545a09f1a1f548b3@mail.gmail.com> <4832A38D.3070802@rant-central.com> Message-ID: > Check out the OTR-Portable installer. > http://sourceforge.net/project/showfiles.php?group_id=151265 Too bad it is binary only, with no source on sourceforce or portableapps.com, so that I cannot fold back the changes they made in the .nsi file back into the release for future portable releases..... Paul From marti@juffo.org Mon Jun 9 09:37:55 2008 From: marti@juffo.org (Marti Raudsepp) Date: Mon, 9 Jun 2008 11:37:55 +0300 Subject: [OTR-users] OTR with PortableApps.com Pidgin In-Reply-To: References: <3869c3f00805200030m2855fc09l545a09f1a1f548b3@mail.gmail.com> <4832A38D.3070802@rant-central.com> Message-ID: <54b33ccd0806090137h2a8d21bfv55bd51cb8ecc7761@mail.gmail.com> On Mon, Jun 9, 2008 at 6:24 AM, Paul Wouters wrote: > Too bad it is binary only, with no source on sourceforce or portableapps.com, Sure you can? Pidgin is GPL and OTR is LGPL. If they aren't giving away the source then you are entitled to ask for it. Marti From felix_schaefers@web.de Mon Jun 9 09:47:47 2008 From: felix_schaefers@web.de (FS) Date: Mon, 9 Jun 2008 10:47:47 +0200 Subject: [OTR-users] OTR with PortableApps.com Pidgin In-Reply-To: <54b33ccd0806090137h2a8d21bfv55bd51cb8ecc7761@mail.gmail.com> References: <3869c3f00805200030m2855fc09l545a09f1a1f548b3@mail.gmail.com> <4832A38D.3070802@rant-central.com> <54b33ccd0806090137h2a8d21bfv55bd51cb8ecc7761@mail.gmail.com> Message-ID: Well, since several versions now the download from portableapps.com is no longer necessary, all you need to do is to rename the file in pidgin-portable.exe http://developer.pidgin.im/wiki/Using%20Pidgin#RunningWindowsPidginFromaUSBDrivePortableMode As a consequence, all you need is the "normal" pidgin source-code :) 2008/6/9, Marti Raudsepp : > On Mon, Jun 9, 2008 at 6:24 AM, Paul Wouters wrote: > > Too bad it is binary only, with no source on sourceforce or portableapps.com, > > > Sure you can? Pidgin is GPL and OTR is LGPL. If they aren't giving > away the source then you are entitled to ask for it. > > > Marti > > _______________________________________________ > OTR-users mailing list > OTR-users@lists.cypherpunks.ca > http://lists.cypherpunks.ca/mailman/listinfo/otr-users > From michael_reichenbach@freenet.de Mon Jun 9 23:45:37 2008 From: michael_reichenbach@freenet.de (Michael Reichenbach) Date: Tue, 10 Jun 2008 00:45:37 +0200 Subject: [OTR-users] OTR with PortableApps.com Pidgin In-Reply-To: References: <3869c3f00805200030m2855fc09l545a09f1a1f548b3@mail.gmail.com> <4832A38D.3070802@rant-central.com> Message-ID: <484DB291.3000703@freenet.de> Paul Wouters schrieb: > >> Check out the OTR-Portable installer. >> http://sourceforge.net/project/showfiles.php?group_id=151265 > > Too bad it is binary only, with no source on sourceforce or portableapps.com, > so that I cannot fold back the changes they made in the .nsi file back into > the release for future portable releases..... > > Paul > _______________________________________________ > OTR-users mailing list > OTR-users@lists.cypherpunks.ca > http://lists.cypherpunks.ca/mailman/listinfo/otr-users > > Hello! Normally JTH (the owner of portableapps) is strictly following laws and licenses and such. If there is really no source I think he has just forgotten. I recommend to post in the forums and I am pretty sure he will not post something of his own creations on his site as closed source. -mr From tatuportin@gmail.com Fri Jun 13 16:35:58 2008 From: tatuportin@gmail.com (Tatu Portin) Date: Fri, 13 Jun 2008 18:35:58 +0300 Subject: [OTR-users] about how the otr works (what if password get stolen) Message-ID: <1213371359.21640.5.camel@tatu.tampereenpuhelin.net> So, I would like to get a bit clarification... Now I think that OTR works by encryping the current conversation, so that other's can't see... what if someone uses the same computer, having pass and login for the im account? But I guess it prevent such happening, if he steal your username and pass, and try use by his own computer.. because if he hasn't stolen the private key, he can't indentify as the original person. So if someone takes your private key, username, and password, and logins to your im account from different computer, he can show up as you, for the OTR of the person he wants talk to? From paul@cypherpunks.ca Fri Jun 13 18:09:27 2008 From: paul@cypherpunks.ca (Paul Wouters) Date: Fri, 13 Jun 2008 13:09:27 -0400 (EDT) Subject: [OTR-users] about how the otr works (what if password get stolen) In-Reply-To: <1213371359.21640.5.camel@tatu.tampereenpuhelin.net> References: <1213371359.21640.5.camel@tatu.tampereenpuhelin.net> Message-ID: > So if someone takes your private key, username, and password, > and logins to your im account from different computer, he can show up as > you, for the OTR of the person he wants talk to? Yes. Paul From esurnir@gmail.com Sun Jun 15 20:31:15 2008 From: esurnir@gmail.com (Jean-Baptiste Zeller) Date: Sun, 15 Jun 2008 15:31:15 -0400 Subject: [OTR-users] about how the otr works (what if password get stolen) In-Reply-To: <1213371359.21640.5.camel@tatu.tampereenpuhelin.net> References: <1213371359.21640.5.camel@tatu.tampereenpuhelin.net> Message-ID: <48556E03.3050802@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tatu Portin wrote: | So, I would like to get a bit clarification... Now I think that OTR | works by encryping the current conversation, so that other's can't | see... what if someone uses the same computer, having pass and login for | the im account? But I guess it prevent such happening, if he steal your | username and pass, and try use by his own computer.. because if he | hasn't stolen the private key, he can't indentify as the original | person. So if someone takes your private key, username, and password, | and logins to your im account from different computer, he can show up as | you, for the OTR of the person he wants talk to? | | _______________________________________________ | OTR-users mailing list | OTR-users@lists.cypherpunks.ca | http://lists.cypherpunks.ca/mailman/listinfo/otr-users If you think something phony is going on you can do a socialist millionaire exchange again asking the person what was the previous shared secret you used. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIVW4D5Zo8rPlqN+sRAr81AKCj8NY4aN5GHuppDBOkG3fTeEOCSACdEzW+ p25Ir/cpOvjkzvGJ1REcOy8= =wR9M -----END PGP SIGNATURE----- From ian@cypherpunks.ca Sun Jun 15 22:14:39 2008 From: ian@cypherpunks.ca (Ian Goldberg) Date: Sun, 15 Jun 2008 17:14:39 -0400 Subject: [OTR-users] pidgin-otr 3.2.0 released Message-ID: <20080615211439.GA11298@yoink.cs.uwaterloo.ca> We are pleased to announce the release of pidgin-otr 3.2.0 (along with libotr 3.2.0). New in 3.2.0: - The functionality of the OTR button has now moved to a menu. There's an "OTR" menu, as well as an icon showing the current OTR state of each active conversation in the window. The button can optionally be shown in addition, now in the conversation toolbar. - New OTR icons from - OTR icons show up inline in the conversation window when the OTR status changes. - Buddy authentication has been revamped, based on the user study published in SOUPS 2008. The default is now to choose a question and an answer only you and the buddy should know. The question is displayed to the buddy, who is prompted for the answer. The "shared secret" and "fingerprint" authentication methods are still available. - Translations for Arabic, German, Russian, Hungarian As usual, the software can be downloaded from http://otr.cypherpunks.ca/ - Ian From paul@cypherpunks.ca Mon Jun 16 03:41:11 2008 From: paul@cypherpunks.ca (Paul Wouters) Date: Sun, 15 Jun 2008 22:41:11 -0400 (EDT) Subject: [OTR-users] Re: [OTR-announce] pidgin-otr 3.2.0 released In-Reply-To: <20080615211439.GA11298@yoink.cs.uwaterloo.ca> References: <20080615211439.GA11298@yoink.cs.uwaterloo.ca> Message-ID: On Sun, 15 Jun 2008, Ian Goldberg wrote: > We are pleased to announce the release of pidgin-otr 3.2.0 (along with > libotr 3.2.0). While building libotr, I still get these: libotr.x86_64: E: binary-or-shlib-defines-rpath /usr/bin/otr_modify ['/usr/lib64'] libotr.x86_64: E: binary-or-shlib-defines-rpath /usr/bin/otr_sesskeys ['/usr/lib64'] libotr.x86_64: E: binary-or-shlib-defines-rpath /usr/bin/otr_parse ['/usr/lib64'] libotr.x86_64: E: binary-or-shlib-defines-rpath /usr/bin/otr_remac ['/usr/lib64'] libotr.x86_64: E: binary-or-shlib-defines-rpath /usr/bin/otr_readforge ['/usr/lib64'] libotr.x86_64: E: binary-or-shlib-defines-rpath /usr/bin/otr_mackey ['/usr/lib64'] Some GUI items: When you have the icon and text "not private", you can only right click on it. Can we make left click do "start new private conversation" ? When you are "private" (eg you have authenticated the other end), the menu shows "Authenticate user". It implies (wrongly) that the user was not yet authenticated. Can that be changed to "Re-authenticate user"? I tried twice to have a private+unverified conversation going with the same (pidgin) collapsed user, and see if it would fault back to the unverified instead of the private user but failed. So if that's part of the design, kudos! If it was just accident, please consider it a feature request :) Fedora packages have been build into devel, and should migrate into the releases over the next two days. Paul From bdm@fenrir.org.uk Mon Jun 16 11:49:55 2008 From: bdm@fenrir.org.uk (Brian Morrison) Date: Mon, 16 Jun 2008 11:49:55 +0100 Subject: [OTR-users] Re: [OTR-announce] pidgin-otr 3.2.0 released In-Reply-To: References: <20080615211439.GA11298@yoink.cs.uwaterloo.ca> Message-ID: <48564553.1030407@fenrir.org.uk> Paul Wouters wrote: > Fedora packages have been build into devel, and should migrate into the > releases over the next two days. Which distros will these be for Paul? F7 is about to go out of support, so I was wondering if the updated OTR packages will go into F7 updates? -- Brian From ian@cypherpunks.ca Mon Jun 16 12:42:15 2008 From: ian@cypherpunks.ca (Ian Goldberg) Date: Mon, 16 Jun 2008 07:42:15 -0400 Subject: [OTR-users] Re: [OTR-announce] pidgin-otr 3.2.0 released In-Reply-To: References: <20080615211439.GA11298@yoink.cs.uwaterloo.ca> Message-ID: <20080616114215.GB24909@yoink.cs.uwaterloo.ca> On Sun, Jun 15, 2008 at 10:41:11PM -0400, Paul Wouters wrote: > On Sun, 15 Jun 2008, Ian Goldberg wrote: > > >We are pleased to announce the release of pidgin-otr 3.2.0 (along with > >libotr 3.2.0). > > While building libotr, I still get these: > > libotr.x86_64: E: binary-or-shlib-defines-rpath /usr/bin/otr_modify > ['/usr/lib64'] > libotr.x86_64: E: binary-or-shlib-defines-rpath /usr/bin/otr_sesskeys > ['/usr/lib64'] > libotr.x86_64: E: binary-or-shlib-defines-rpath /usr/bin/otr_parse > ['/usr/lib64'] > libotr.x86_64: E: binary-or-shlib-defines-rpath /usr/bin/otr_remac > ['/usr/lib64'] > libotr.x86_64: E: binary-or-shlib-defines-rpath /usr/bin/otr_readforge > ['/usr/lib64'] > libotr.x86_64: E: binary-or-shlib-defines-rpath /usr/bin/otr_mackey > ['/usr/lib64'] I'm not actually sure what this indicates. There's a "-R /usr/lib64" being added to the link command somewhere? Is it the result of configure (with the Fedora arguments) or something else? > Some GUI items: > > When you have the icon and text "not private", you can only right click > on it. Can we make left click do "start new private conversation" ? That was actually a specific complaint people had in our user study. They couldn't figure out how to make the menu come up, since right-clicking isn't one of the "affordances" (in HCI-speak) of a button. So we made it left-click. But we put "Start private conversation" as the top thing in the menu, so it would be very easy to get to. > When you are "private" (eg you have authenticated the other end), the > menu shows "Authenticate user". It implies (wrongly) that the user was > not yet authenticated. Can that be changed to "Re-authenticate user"? We can probably do that. > I tried twice to have a private+unverified conversation going with the same > (pidgin) collapsed user, and see if it would fault back to the unverified > instead of the private user but failed. So if that's part of the design, > kudos! > If it was just accident, please consider it a feature request :) OTR doesn't override where pidgin wants to send the message (which is to whomever is selected in the "Send To" menu). But the appropriate status is highlighted in the menu bar, and indicated in the OTR button in the toolbar. Is that what you're asking? > Fedora packages have been build into devel, and should migrate into the > releases over the next two days. Thanks! - Ian From paul@cypherpunks.ca Mon Jun 16 14:41:06 2008 From: paul@cypherpunks.ca (Paul Wouters) Date: Mon, 16 Jun 2008 09:41:06 -0400 (EDT) Subject: [OTR-users] Re: [OTR-announce] pidgin-otr 3.2.0 released In-Reply-To: <20080616114215.GB24909@yoink.cs.uwaterloo.ca> References: <20080615211439.GA11298@yoink.cs.uwaterloo.ca> <20080616114215.GB24909@yoink.cs.uwaterloo.ca> Message-ID: On Mon, 16 Jun 2008, Ian Goldberg wrote: >> libotr.x86_64: E: binary-or-shlib-defines-rpath /usr/bin/otr_modify >> ['/usr/lib64'] > I'm not actually sure what this indicates. There's a "-R /usr/lib64" > being added to the link command somewhere? Is it the result of > configure (with the Fedora arguments) or something else? I'll send a seperate message to you and some NLnetlabs developers, who ran into the same issue with the ldns library. I am not sure what they did to fix it. I think your configure scripts ignores "--disable-rpath" >> When you have the icon and text "not private", you can only right click >> on it. Can we make left click do "start new private conversation" ? > > That was actually a specific complaint people had in our user study. > They couldn't figure out how to make the menu come up, Perhaps it needs an underline character underneath one of its letters so people recognise it more as a menu? > right-clicking isn't one of the "affordances" (in HCI-speak) of a > button. So we made it left-click. But we put "Start private > conversation" as the top thing in the menu, so it would be very easy to > get to. But it is really annoying. You go back to pidgin, the other end has ended the conversation, and now you want to talk to them (and you don't have them hardcoded on otr-only). You click on it, expecting it to go from finished to unverified/private with a mouse click, but a menu pops up instead. >> When you are "private" (eg you have authenticated the other end), the >> menu shows "Authenticate user". It implies (wrongly) that the user was >> not yet authenticated. Can that be changed to "Re-authenticate user"? > > We can probably do that. On a similar item. This morning I noticd some windows were in "Finished" mode. I am not sure whether that means I still need to "end private conversation on my end" or not. I guess not (but my brain is hampered by the old method where I DID have to end it myself manually). So I click on "Finished" and get two menu entries. One for "start" and one for "stop". So I cannot conclude my current state from that at all. And indeed, it turns out "finished" is not at all a finished state, it is an unfinished state that requires me to pick "end private conversation". And indeed, now the option is ghosted, and i cannot select it anymore. This is very confusing. I am not sure what the best fix for this issue is, but it is definately not very clear (even to me) >> I tried twice to have a private+unverified conversation going with the same >> (pidgin) collapsed user, and see if it would fault back to the unverified >> instead of the private user but failed. So if that's part of the design, >> kudos! >> If it was just accident, please consider it a feature request :) > > OTR doesn't override where pidgin wants to send the message (which is to > whomever is selected in the "Send To" menu). But the appropriate status > is highlighted in the menu bar, and indicated in the OTR button in the > toolbar. Is that what you're asking? Yes. So in that case, can we redirect/select/prefer an OTR private account within a merged IM identity over a unverified/not private connection? Paul From paul@cypherpunks.ca Mon Jun 16 14:48:07 2008 From: paul@cypherpunks.ca (Paul Wouters) Date: Mon, 16 Jun 2008 09:48:07 -0400 (EDT) Subject: [OTR-users] Re: [OTR-announce] pidgin-otr 3.2.0 released In-Reply-To: <48564553.1030407@fenrir.org.uk> References: <20080615211439.GA11298@yoink.cs.uwaterloo.ca> <48564553.1030407@fenrir.org.uk> Message-ID: On Mon, 16 Jun 2008, Brian Morrison wrote: >> Fedora packages have been build into devel, and should migrate into the >> releases over the next two days. > > Which distros will these be for Paul? F7 is about to go out of support, > so I was wondering if the updated OTR packages will go into F7 updates? F-7 went EOL 3 days ago, but it looks like I'm allowed to still update packages in it, so I will be pushing this into F-7 as well. Paul From bdm@fenrir.org.uk Mon Jun 16 14:50:15 2008 From: bdm@fenrir.org.uk (Brian Morrison) Date: Mon, 16 Jun 2008 14:50:15 +0100 Subject: [OTR-users] Re: [OTR-announce] pidgin-otr 3.2.0 released In-Reply-To: References: <20080615211439.GA11298@yoink.cs.uwaterloo.ca> <48564553.1030407@fenrir.org.uk> Message-ID: <48566F97.6010000@fenrir.org.uk> Paul Wouters wrote: > On Mon, 16 Jun 2008, Brian Morrison wrote: > >>> Fedora packages have been build into devel, and should migrate into the >>> releases over the next two days. >> >> Which distros will these be for Paul? F7 is about to go out of support, >> so I was wondering if the updated OTR packages will go into F7 updates? > > F-7 went EOL 3 days ago, but it looks like I'm allowed to still update > packages in it, so I will be pushing this into F-7 as well. Yes, excellent, thanks for that. There are still quite a few packages in updates-testing for F7, I wonder if they will put them all into updates before stopping maintenance work. -- Brian From esurnir@gmail.com Mon Jun 16 17:54:01 2008 From: esurnir@gmail.com (Jean-Baptiste Zeller) Date: Mon, 16 Jun 2008 12:54:01 -0400 Subject: [OTR-users] Plugin for Windows Live Plus! Message-ID: <48569AA9.9000604@gmail.com> Hello, In my quest to convert my friends to the use of Off the Record I came to the unfortunate conclusion that installing pidgin for them sound like the end of the world, and while pidgin is a good program it's shortfall like the absence of Webcam support, it's plain appearance compared to the flashy windows live interface made it difficult for them to make the switch... But those same people for I would qualify "immature teenager reason" don't mind to install Windows Live Plus! to do silly things like change the messenger appearance put color code in their text and other and feed whatever ad agency with precious data if they forgot during the installation to opt out of the advertising program. While at first programming off the record in JScript seemed borderly heretic, I discovered that the script could include call to external dlls library which could -just before sending a message- intercept it, pass it over to a otr.dll library who could return the processed message, leaving the encryption part to a dll and only leaving the UI to be scripted. I'm pretty certain that it would be one of the best solution yet to make it easier for off the record to be adopted by the growing MSN user population. -- Jean-Baptiste Zeller From paul@cypherpunks.ca Mon Jun 16 20:56:19 2008 From: paul@cypherpunks.ca (Paul Wouters) Date: Mon, 16 Jun 2008 15:56:19 -0400 (EDT) Subject: [OTR-users] finished state GUI Message-ID: Two other gui items 1) If we are in state "finished", and we type in the input box, we now get: (03:50:18 PM) Your message was not sent. Either end your private conversation, or restart it. Why can't it just attempt a new private conversation (and checking for the previous identity, don't allow it to use a random other key)? Is this just a coding effort, or a design decision? 2) When closing a chat window, the conv is not going to state finished/closed. Why not? With other people, I seem to be getting a lot of "finished conversation" messages, but presumably those people do that manually? Paul From mail@code.mmsources.de Tue Jun 17 10:58:38 2008 From: mail@code.mmsources.de (Michael Meier) Date: Tue, 17 Jun 2008 11:58:38 +0200 Subject: [OTR-users] Re: [OTR-announce] pidgin-otr 3.2.0 released In-Reply-To: <20080616114215.GB24909@yoink.cs.uwaterloo.ca> References: <20080615211439.GA11298@yoink.cs.uwaterloo.ca> <20080616114215.GB24909@yoink.cs.uwaterloo.ca> Message-ID: <48578ACE.5000800@code.mmsources.de> This is a multi-part message in MIME format. --------------030704080705050105070606 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit >> When you are "private" (eg you have authenticated the other end), the >> menu shows "Authenticate user". It implies (wrongly) that the user was >> not yet authenticated. Can that be changed to "Re-authenticate user"? >> > > We can probably do that. > Hello, attached is the latest revision of de.po to keep it up to date with this change. Regards, Michael --------------030704080705050105070606 Content-Type: text/plain; name="de.po" Content-Transfer-Encoding: base64 Content-Disposition: inline; filename="de.po" IyBPZmYtdGhlLVJlY29yZCBNZXNzYWdpbmcgcGx1Z2luIGZvciBwaWRnaW4uCiMgQ29weXJp Z2h0IChDKSAyMDA0LTIwMDggIElhbiBHb2xkYmVyZywgUm9iIFNtaXRzLAojICAgICAgICAg ICAgICAgICAgICAgICAgICBDaHJpcyBBbGV4YW5kZXIsIE5pa2l0YSBCb3Jpc292CiMgVGhp cyBmaWxlIGlzIGRpc3RyaWJ1dGVkIHVuZGVyIHRoZSBzYW1lIGxpY2Vuc2UgYXMgdGhlIHBp ZGdpbi1vdHIgcGFja2FnZS4KIyBNaWNoYWVsIE1laWVyIDxtaWNoYWVsLm1laWVyQG1tc291 cmNlcy5kZT4sIDIwMDguCiMKbXNnaWQgIiIKbXNnc3RyICIiCiJQcm9qZWN0LUlkLVZlcnNp b246IHBpZGdpbi1vdHIgMy4yLjAtZGVcbiIKIlJlcG9ydC1Nc2dpZC1CdWdzLVRvOiBcbiIK IlBPVC1DcmVhdGlvbi1EYXRlOiAyMDA4LTA2LTE3IDExOjUwKzAyMDBcbiIKIlBPLVJldmlz aW9uLURhdGU6IDIwMDgtMDYtMTcgMTE6NTArMDIwMFxuIgoiTGFzdC1UcmFuc2xhdG9yOiBN aWNoYWVsIE1laWVyIDxtaWNoYWVsLm1laWVyQG1tc291cmNlcy5kZT5cbiIKIkxhbmd1YWdl LVRlYW06IE1pY2hhZWwgTWVpZXIgPG1pY2hhZWwubWVpZXJAbW1zb3VyY2VzLmRlPlxuIgoi TUlNRS1WZXJzaW9uOiAxLjBcbiIKIkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNl dD1VVEYtOFxuIgoiQ29udGVudC1UcmFuc2Zlci1FbmNvZGluZzogOGJpdFxuIgoKIzogLi4v Z3RrLWRpYWxvZy5jOjI5MSAuLi9ndGstZGlhbG9nLmM6MTA4NSAuLi9ndGstZGlhbG9nLmM6 MTA4OQojOiAuLi9ndGstZGlhbG9nLmM6MTUyMyAuLi9ndGstZGlhbG9nLmM6MTYyNiAuLi9n dGstZGlhbG9nLmM6MTY5MQojOiAuLi9ndGstZGlhbG9nLmM6MjE0Mwptc2dpZCAiP2xhbmc9 ZW4iCm1zZ3N0ciAiP2xhbmc9ZGUiCgojOiAuLi9ndGstZGlhbG9nLmM6NDM5Cm1zZ2lkICIi CiJZb3VyIGJ1ZGR5IGlzIGF0dGVtcHRpbmcgdG8gZGV0ZXJtaW5lIGlmIGhlIG9yIHNoZSBp cyByZWFsbHkgdGFsa2luZyB0byB5b3UsICIKIm9yIGlmIGl0J3Mgc29tZW9uZSBwcmV0ZW5k aW5nIHRvIGJlIHlvdS4gIFlvdXIgYnVkZHkgaGFzIGFza2VkIGEgcXVlc3Rpb24sICIKImlu ZGljYXRlZCBiZWxvdy4gIFRvIGF1dGhlbnRpY2F0ZSB0byB5b3VyIGJ1ZGR5LCBlbnRlciB0 aGUgYW5zd2VyIGFuZCBjbGljayAiCiJPSy4iCm1zZ3N0ciAiIgoiSWhyIEJ1ZGR5IHZlcnN1 Y2h0IGZlc3R6dXN0ZWxsZW4sIG9iIGVyIHdpcmtsaWNoIG1pdCBJaG5lbiBzcHJpY2h0IG9k ZXIgIgoiamVtYW5kZW0sIGRlciBzaWNoIGFscyBTaWUgYXVzZ2lidC4gRXIgaGF0IGRhenUg ZGllIHVudGVuIGFuZ2VnZWJlbmUgRnJhZ2UgIgoiZ2VzdGVsbHQuIFVtIElocmVuIEJ1ZGR5 IHp1IGF1dGhlbnRpZml6aWVyZW4sIGdlYmVuIFNpZSBkaWUgQW50d29ydCBlaW4gdW5kICIK ImtsaWNrZW4gU2llIE9LLiIKCiM6IC4uL2d0ay1kaWFsb2cuYzo0NDYKbXNnaWQgIiIKIlRv IGF1dGhlbnRpY2F0ZSB1c2luZyBhIHF1ZXN0aW9uLCBwaWNrIGEgcXVlc3Rpb24gd2hvc2Ug YW5zd2VyIGlzIGtub3duIG9ubHkgIgoidG8geW91IGFuZCB5b3VyIGJ1ZGR5LiAgRW50ZXIg dGhpcyBxdWVzdGlvbiBhbmQgdGhpcyBhbnN3ZXIsIHRoZW4gd2FpdCBmb3IgIgoieW91ciBi dWRkeSB0byBlbnRlciB0aGUgYW5zd2VyIHRvby4gIElmIHRoZSBhbnN3ZXJzIGRvbid0IG1h dGNoLCB0aGVuIHlvdSAiCiJtYXkgYmUgdGFsa2luZyB0byBhbiBpbXBvc3Rlci4iCm1zZ3N0 ciAiIgoiV8OkaGxlbiBTaWUgenVyIEF1dGhlbnRpZml6aWVydW5nIGVpbmUgRnJhZ2UsIGRl cmVuIEFudHdvcnQgbnVyIElobmVuIHVuZCAiCiJJaHJlbSBCdWRkeSBiZWthbm50IGlzdC4g R2ViZW4gU2llIGRpZSBGcmFnZSB1bmQgQW50d29ydCBlaW4gdW5kIHdhcnRlbiBTaWUgIgoi ZGFubiBkYXJhdWYsIGRhc3MgSWhyIEJ1ZGR5IGRpZXNlIEFudHdvcnQgZWJlbmZhbGxzIGVp bmdpYnQuIFNvbGx0ZW4gZGllICIKIkFudHdvcnRlbiBuaWNodCDDvGJlcmVpbnN0aW1tZW4s IGhhYmVuIFNpZSBlcyBtw7ZnbGljaGVyd2Vpc2UgbWl0IGVpbmVtICIKIkhvY2hzdGFwbGVy IHp1IHR1bi4iCgojOiAuLi9ndGstZGlhbG9nLmM6NDY0Cm1zZ2lkICJUaGlzIGlzIHRoZSBx dWVzdGlvbiBhc2tlZCBieSB5b3VyIGJ1ZGR5OiIKbXNnc3RyICJEaWVzZSBGcmFnZSB3dXJk ZSB2b24gSWhyZW0gQnVkZHkgZ2VzdGVsbHQ6IgoKIzogLi4vZ3RrLWRpYWxvZy5jOjQ2Nwpt c2dpZCAiRW50ZXIgcXVlc3Rpb24gaGVyZToiCm1zZ3N0ciAiRnJhZ2UgaGllciBlaW5nZWJl bjoiCgojOiAuLi9ndGstZGlhbG9nLmM6NDk4IC4uL2d0ay1kaWFsb2cuYzo1ODIKbXNnaWQg IlRoaXMgYnVkZHkgaXMgYWxyZWFkeSBhdXRoZW50aWNhdGVkLiIKbXNnc3RyICJEaWVzZXIg QnVkZHkgd3VyZGUgYmVyZWl0cyBhdXRoZW50aWZpemllcnQuIgoKIzogLi4vZ3RrLWRpYWxv Zy5jOjUxMAptc2dpZCAiRW50ZXIgc2VjcmV0IGFuc3dlciBoZXJlIChjYXNlIHNlbnNpdGl2 ZSk6Igptc2dzdHIgIkdlaGVpbWUgQW50d29ydCBoaWVyIGVpbmdlYmVuOiAoR3Jvw58tL0ts ZWluc2NocmVpYnVuZyByZWxldmFudCkiCgojOiAuLi9ndGstZGlhbG9nLmM6NTUxCm1zZ2lk ICIiCiJUbyBhdXRoZW50aWNhdGUsIHBpY2sgYSBzZWNyZXQga25vd24gb25seSB0byB5b3Ug YW5kIHlvdXIgYnVkZHkuICBFbnRlciB0aGlzICIKInNlY3JldCwgdGhlbiB3YWl0IGZvciB5 b3VyIGJ1ZGR5IHRvIGVudGVyIGl0IHRvby4gIElmIHRoZSBzZWNyZXRzIGRvbid0ICIKIm1h dGNoLCB0aGVuIHlvdSBtYXkgYmUgdGFsa2luZyB0byBhbiBpbXBvc3Rlci4iCm1zZ3N0ciAi IgoiV8OkaGxlbiBTaWUgenVyIEF1dGhlbnRpZml6aWVydW5nIGVpbmUgUGFzc3BocmFzZSwg ZGllIG51ciBJaG5lbiB1bmQgSWhyZW0gIgoiQnVkZHkgYmVrYW5udCBpc3QuIEdlYmVuIFNp ZSBkaWVzZSBQYXNzcGhyYXNlIGVpbiwgd2FydGVuIFNpZSBkYW5uIGRhcmF1ZiwgIgoiZGFz cyBJaHIgQnVkZHkgZGllc2UgUGFzc3BocmFzZSBlYmVuZmFsbHMgZWluZ2lidC4gV2VubiBk aWUgUGFzc3BocmFzZW4gIgoibmljaHQgw7xiZXJlaW5zdGltbWVuLCBoYWJlbiBTaWUgZXMg bcO2Z2xpY2hlcndlaXNlIG1pdCBlaW5lbSBIb2Noc3RhcGxlciB6dSAiCiJ0dW4uIgoKIzog Li4vZ3RrLWRpYWxvZy5jOjU2NQptc2dpZCAiRW50ZXIgc2VjcmV0IGhlcmU6Igptc2dzdHIg IkdlaGVpbWUgUGFzc3BocmFzZSBoaWVyIGVpbmdlYmVuIgoKIzogLi4vZ3RrLWRpYWxvZy5j OjYxNiAuLi9ndGstZGlhbG9nLmM6MTM4NAptc2dpZCAiIgoiVG8gdmVyaWZ5IHRoZSBmaW5n ZXJwcmludCwgY29udGFjdCB5b3VyIGJ1ZGR5IHZpYSBzb21lIDxpPm90aGVyPC9pPiAiCiJh dXRoZW50aWNhdGVkIGNoYW5uZWwsIHN1Y2ggYXMgdGhlIHRlbGVwaG9uZSBvciBHUEctc2ln bmVkIGVtYWlsLiAgRWFjaCBvZiAiCiJ5b3Ugc2hvdWxkIHRlbGwgeW91ciBmaW5nZXJwcmlu dCB0byB0aGUgb3RoZXIuIgptc2dzdHIgIiIKIlVtIGRlbiBGaW5nZXJwcmludCB6dSB2ZXJp Zml6aWVyZW4sIGtvbnRha3RpZXJlbiBTaWUgSWhyZW4gQnVkZHkgw7xiZXIgZWluZW4gIgoi PGk+YW5kZXJlbjwvaT4gc2ljaGVyZW4gS2FuYWwsIHp1bSBCZWlzcGllbCBwZXJzw7ZubGlj aCwgcGVyIEdQRy0iCiJ2ZXJzY2hsw7xzc2VsdGVyIEUtTWFpbCBvZGVyIHRlbGVmb25pc2No LiBTaWUgc29sbHRlbiBTaWNoIGdlZ2Vuc2VpdGlnIElocmUgIgoiRmluZ2VycHJpbnRzIG1p dHRlaWxlbi4iCgojOiAuLi9ndGstZGlhbG9nLmM6NjIwIC4uL2d0ay1kaWFsb2cuYzoxMzg4 Cm1zZ2lkICIiCiJJZiBldmVyeXRoaW5nIG1hdGNoZXMgdXAsIHlvdSBzaG91bGQgaW5kaWNh dGUgaW4gdGhlIGFib3ZlIGRpYWxvZyB0aGF0IHlvdSAiCiI8Yj5oYXZlPC9iPiB2ZXJpZmll ZCB0aGUgZmluZ2VycHJpbnQuIgptc2dzdHIgIiIKIldlbm4gYWxsZXMgw7xiZXJlaW5zdGlt bXQsIHNvbGx0ZW4gU2llIGltIG9iaWdlbiBEaWFsb2cgYW5nZWJlbiwgZGFzcyBTaWUgZGVu ICIKIkZpbmdlcnByaW50IDwvYj50YXRzw6RjaGxpY2g8L2I+IHZlcmlmaXppZXJ0IGhhYmVu LiIKCiM6IC4uL2d0ay1kaWFsb2cuYzo2MzEgLi4vZ3RrLWRpYWxvZy5jOjEzNzMKbXNnaWQg Iltub25lXSIKbXNnc3RyICJba2VpbmVyXSIKCiM6IC4uL2d0ay1kaWFsb2cuYzo2MzggLi4v Z3RrLWRpYWxvZy5jOjk5NiAuLi9ndGstZGlhbG9nLmM6MTM4MAojOiAuLi9ndGstZGlhbG9n LmM6MTQzMSAuLi9ndGstdWkuYzoxODEgLi4vb3RyLXBsdWdpbi5jOjExNgojOiAuLi9vdHIt cGx1Z2luLmM6MjEzIC4uL3VpLmM6MTExCm1zZ2lkICJVbmtub3duIgptc2dzdHIgIlVuYmVr YW5udCIKCiM6IC4uL2d0ay1kaWFsb2cuYzo2MzkKIywgYy1mb3JtYXQKbXNnaWQgIiIKIkZp bmdlcnByaW50IGZvciB5b3UsICVzICglcyk6XG4iCiIlc1xuIgoiXG4iCiJQdXJwb3J0ZWQg ZmluZ2VycHJpbnQgZm9yICVzOlxuIgoiJXNcbiIKbXNnc3RyICIiCiJGaW5nZXJwcmludCBm w7xyIFNpZSwgJXMgKCVzKTpcbiIKIiVzXG4iCiJcbiIKIkFuZ2VnZWJlbmVyIEZpbmdlcnBy aW50IGbDvHIgJXM6XG4iCiIlc1xuIgoKIzogLi4vZ3RrLWRpYWxvZy5jOjY5MQptc2dpZCAi SG93IHdvdWxkIHlvdSBsaWtlIHRvIGF1dGhlbnRpY2F0ZSB5b3VyIGJ1ZGR5PyIKbXNnc3Ry ICJXaWUgbcO2Y2h0ZW4gU2llIElocmVuIEJ1ZGR5IGF1dGhlbnRpZml6aWVyZW4/IgoKIzog Li4vZ3RrLWRpYWxvZy5jOjcwMAptc2dpZCAiUXVlc3Rpb24gYW5kIGFuc3dlciIKbXNnc3Ry ICJGcmFnZSB1bmQgQW50d29ydCIKCiM6IC4uL2d0ay1kaWFsb2cuYzo3MDMKbXNnaWQgIlNo YXJlZCBzZWNyZXQiCm1zZ3N0ciAiR2VtZWluc2FtIGJla2FubnRlIFBhc3NwaHJhc2UiCgoj OiAuLi9ndGstZGlhbG9nLmM6NzA2Cm1zZ2lkICJNYW51YWwgZmluZ2VycHJpbnQgdmVyaWZp Y2F0aW9uIgptc2dzdHIgIk1hbnVlbGxlciBGaW5nZXJwcmludC1WZXJnbGVpY2giCgojOiAu Li9ndGstZGlhbG9nLmM6NzQ5Cm1zZ2lkICJfQXV0aGVudGljYXRlIgptc2dzdHIgIl9BdXRo ZW50aWZpemllcmVuIgoKIzogLi4vZ3RrLWRpYWxvZy5jOjc4Mgptc2dpZCAiIgoiQXV0aGVu dGljYXRpbmcgYSBidWRkeSBoZWxwcyBlbnN1cmUgdGhhdCB0aGUgcGVyc29uIHlvdSBhcmUg dGFsa2luZyB0byBpcyAiCiJ3aG8gaGUgb3Igc2hlIGNsYWltcyB0byBiZS4iCm1zZ3N0ciAi IgoiRWluZW4gQnVkZHkgenUgYXV0aGVudGlmaXppZXJlbiBoaWxmdCBzaWNoZXJ6dXN0ZWxs ZW4sIGRhc3MgZGllIFBlcnNvbiwgbWl0ICIKImRlciBTaWUgc3ByZWNoZW4gZGllIGlzdCwg ZGllIHNpZSB6dSBzZWluIGJlaGF1cHRldC4iCgojLiBUcmFuc2xhdG9yczogeW91IGFyZSBh c2tlZCB0byBhdXRoZW50aWNhdGUgeW91cnNlbGYKIzogLi4vZ3RrLWRpYWxvZy5jOjg5MQpt c2dpZCAiQXV0aGVudGljYXRpbmcgdG8gQnVkZHkiCm1zZ3N0ciAiQXV0aGVudGlmaXppZXJl IGdlZ2Vuw7xiZXIgQnVkZHkiCgojLiBUcmFuc2xhdG9yczogeW91IGFza2VkIHlvdXIgYnVk ZHkgdG8gYXV0aGVudGljYXRlIGhpbS9oZXJzZWxmCiM6IC4uL2d0ay1kaWFsb2cuYzo4OTMK bXNnaWQgIkF1dGhlbnRpY2F0aW5nIEJ1ZGR5Igptc2dzdHIgIkF1dGhlbnRpZml6aWVyZSBC dWRkeSIKCiM6IC4uL2d0ay1kaWFsb2cuYzo5MjAKIywgYy1mb3JtYXQKbXNnaWQgIkF1dGhl bnRpY2F0aW5nIHRvICVzIgptc2dzdHIgIkF1dGhlbnRpZml6aWVyZSBnZWdlbsO8YmVyICVz IgoKIzogLi4vZ3RrLWRpYWxvZy5jOjkyMQojLCBjLWZvcm1hdAptc2dpZCAiQXV0aGVudGlj YXRpbmcgJXMiCm1zZ3N0ciAiQXV0aGVudGlmaXppZXJlICVzIgoKIzogLi4vZ3RrLWRpYWxv Zy5jOjk1NAptc2dpZCAiV2FpdGluZyBmb3IgYnVkZHkuLi4iCm1zZ3N0ciAiV2FydGUgYXVm IEJ1ZGR5Li4uIgoKIzogLi4vZ3RrLWRpYWxvZy5jOjk4Nwptc2dpZCAiR2VuZXJhdGluZyBw cml2YXRlIGtleSIKbXNnc3RyICJHZW5lcmllcmUgcHJpdmF0ZW4gU2NobMO8c3NlbCIKCiM6 IC4uL2d0ay1kaWFsb2cuYzo5ODgKbXNnaWQgIlBsZWFzZSB3YWl0Igptc2dzdHIgIkJpdHRl IHdhcnRlbiIKCiMuIENyZWF0ZSB0aGUgUGxlYXNlIFdhaXQuLi4gZGlhbG9nCiM6IC4uL2d0 ay1kaWFsb2cuYzo5OTkKIywgYy1mb3JtYXQKbXNnaWQgIkdlbmVyYXRpbmcgcHJpdmF0ZSBr ZXkgZm9yICVzICglcykuLi4iCm1zZ3N0ciAiR2VuZXJpZXJlIHByaXZhdGVuIFNjaGzDvHNz ZWwgZsO8ciAlcyAoJXMpLi4uIgoKIzogLi4vZ3RrLWRpYWxvZy5jOjEwNDQKIywgYy1mb3Jt YXQKbXNnaWQgIiVzIERvbmUuIgptc2dzdHIgIiVzIEZlcnRpZy4iCgojOiAuLi9ndGstZGlh bG9nLmM6MTA4MwojLCBjLWZvcm1hdAptc2dpZCAiIgoiJXMgaXMgY29udGFjdGluZyB5b3Ug ZnJvbSBhbiB1bnJlY29nbml6ZWQgY29tcHV0ZXIuICBZb3Ugc2hvdWxkIDxhIGhyZWY9XCIl cyUiCiJzXCI+YXV0aGVudGljYXRlPC9hPiB0aGlzIGJ1ZGR5LiIKbXNnc3RyICIiCiIlcyBr b250YWt0aWVydCBTaWUgdm9uIGVpbmVtIHVuYmVrYW5udGVuIENvbXB1dGVyIGF1cy4gU2ll IHNvbGx0ZW4gZGllc2VuICIKIkJ1ZGR5IDxhIGhyZWY9XCIlcyVzXCI+YXV0aGVudGlmaXpp ZXJlbjwvYT4uIgoKIzogLi4vZ3RrLWRpYWxvZy5jOjEwODcKIywgYy1mb3JtYXQKbXNnaWQg IiIKIiVzIGhhcyBub3QgYmVlbiBhdXRoZW50aWNhdGVkIHlldC4gIFlvdSBzaG91bGQgPGEg aHJlZj1cIiVzJXMiCiJcIj5hdXRoZW50aWNhdGU8L2E+IHRoaXMgYnVkZHkuIgptc2dzdHIg IiIKIiVzIHd1cmRlIG5vY2ggbmljaHQgYXV0aGVudGlmaXppZXJ0LiBTaWUgc29sbHRlbiBk aWVzZW4gQnVkZHkgPGEgaHJlZj1cIiVzJXMiCiJcIj5hdXRoZW50aWZpemllcmVuPC9hPi4i CgojOiAuLi9ndGstZGlhbG9nLmM6MTE1MCAuLi9ndGstZGlhbG9nLmM6MTE4MSAuLi9ndGst ZGlhbG9nLmM6MTg2NgojOiAuLi9ndGstZGlhbG9nLmM6MjEzOSAuLi9ndGstdWkuYzo4Mgpt c2dpZCAiRmluaXNoZWQiCm1zZ3N0ciAiQmVlbmRldCIKCiM6IC4uL2d0ay1kaWFsb2cuYzox MTUxIC4uL2d0ay1kaWFsb2cuYzoxMTgyIC4uL2d0ay1kaWFsb2cuYzoxODYzCiM6IC4uL2d0 ay1kaWFsb2cuYzoyMTM2IC4uL2d0ay11aS5jOjgxCm1zZ2lkICJQcml2YXRlIgptc2dzdHIg IlByaXZhdCIKCiM6IC4uL2d0ay1kaWFsb2cuYzoxMTUyIC4uL2d0ay1kaWFsb2cuYzoxMTgz IC4uL2d0ay1kaWFsb2cuYzoxODYwCiM6IC4uL2d0ay1kaWFsb2cuYzoyMTMzIC4uL2d0ay11 aS5jOjgwCm1zZ2lkICJVbnZlcmlmaWVkIgptc2dzdHIgIlVudmVyaWZpemllcnQiCgojOiAu Li9ndGstZGlhbG9nLmM6MTE1MyAuLi9ndGstZGlhbG9nLmM6MTE4NCAuLi9ndGstdWkuYzo3 OQptc2dpZCAiTm90IHByaXZhdGUiCm1zZ3N0ciAiTmljaHQgcHJpdmF0IgoKIzogLi4vZ3Rr LWRpYWxvZy5jOjExNTYKbXNnaWQgIlN0YXJ0IGEgcHJpdmF0ZSBjb252ZXJzYXRpb24iCm1z Z3N0ciAiUHJpdmF0ZSBVbnRlcmhhbHR1bmcgc3RhcnRlbiIKCiM6IC4uL2d0ay1kaWFsb2cu YzoxMTU3Cm1zZ2lkICJSZWZyZXNoIHRoZSBwcml2YXRlIGNvbnZlcnNhdGlvbiIKbXNnc3Ry ICJQcml2YXRlIFVudGVyaGFsdHVuZyBha3R1YWxpc2llcmVuIgoKIzogLi4vZ3RrLWRpYWxv Zy5jOjExNjIgLi4vZ3RrLWRpYWxvZy5jOjE4MDkgLi4vZ3RrLWRpYWxvZy5jOjE5MTAKbXNn aWQgIlN0YXJ0IF9wcml2YXRlIGNvbnZlcnNhdGlvbiIKbXNnc3RyICJfUHJpdmF0ZSBVbnRl cmhhbHR1bmcgc3RhcnRlbiIKCiM6IC4uL2d0ay1kaWFsb2cuYzoxMTYzIC4uL2d0ay1kaWFs b2cuYzoxODEwCm1zZ2lkICJSZWZyZXNoIF9wcml2YXRlIGNvbnZlcnNhdGlvbiIKbXNnc3Ry ICJfUHJpdmF0ZSBVbnRlcmhhbHR1bmcgYWt0dWFsaXNpZXJlbiIKCiM6IC4uL2d0ay1kaWFs b2cuYzoxMTg3Cm1zZ2lkICJPVFIiCm1zZ3N0ciAiT1RSIgoKIy4gVHJhbnNsYXRvcnM6IHRo ZSBmb2xsb3dpbmcgZm91ciBtZXNzYWdlcyBzaG91bGQgZ2l2ZSBhbHRlcm5hdGl2ZSBzZW50 ZW5jZXMuCiMuIFRoZSB1c2VyIHNlbGVjdHMgdGhlIGZpcnN0IG9yIHNlY29uZCBtZXNzYWdl IGluIGEgY29tYm8gYm94OwojLiB0aGUgdGhpcmQgbWVzc2FnZSwgYSBuZXcgbGluZSwgYSBm aW5nZXJwcmludCwgYSBuZXcgbGluZSwgYW5kCiMuIHRoZSBmb3VydGggbWVzc2FnZSB3aWxs IGZvbGxvdyBpdC4KIzogLi4vZ3RrLWRpYWxvZy5jOjEzMjcKbXNnaWQgIkkgaGF2ZSBub3Qi Cm1zZ3N0ciAiSWNoIGhhYmUgbmljaHQiCgojLiAybmQgbWVzc2FnZQojOiAuLi9ndGstZGlh bG9nLmM6MTMyOQptc2dpZCAiSSBoYXZlIgptc2dzdHIgIkljaCBoYWJlIgoKIy4gM3JkIG1l c3NhZ2UKIzogLi4vZ3RrLWRpYWxvZy5jOjEzMzIKbXNnaWQgIiB2ZXJpZmllZCB0aGF0IHRo aXMgaXMgaW4gZmFjdCB0aGUgY29ycmVjdCIKbXNnc3RyICIgw7xiZXJwcsO8ZnQsIGRhc3Mg ZGllcyB0YXRzw6RjaGxpY2ggZGVyIHJpY2h0aWdlIgoKIy4gNHRoIG1lc3NhZ2UKIzogLi4v Z3RrLWRpYWxvZy5jOjEzNDIKIywgYy1mb3JtYXQKbXNnaWQgImZpbmdlcnByaW50IGZvciAl cy4iCm1zZ3N0ciAiRmluZ2VycHJpbnQgZsO8ciAlcyBpc3QuIgoKIzogLi4vZ3RrLWRpYWxv Zy5jOjEzNjkKIywgYy1mb3JtYXQKbXNnaWQgIlZlcmlmeSBmaW5nZXJwcmludCBmb3IgJXMi Cm1zZ3N0ciAiRmluZ2VycHJpbnQgZsO8ciAlcyB2ZXJpZml6aWVyZW4uIgoKIzogLi4vZ3Rr LWRpYWxvZy5jOjEzODEKIywgYy1mb3JtYXQKbXNnaWQgIiIKIjxzbWFsbD48aT4lcyAlc1xu IgoiXG4iCiI8L2k+PC9zbWFsbD5GaW5nZXJwcmludCBmb3IgeW91LCAlcyAoJXMpOlxuIgoi JXNcbiIKIlxuIgoiUHVycG9ydGVkIGZpbmdlcnByaW50IGZvciAlczpcbiIKIiVzXG4iCm1z Z3N0ciAiIgoiPHNtYWxsPjxpPiVzICVzXG4iCiJcbiIKIjwvaT48L3NtYWxsPkZpbmdlcnBy aW50IGbDvHIgU2llLCAlcyAoJXMpOlxuIgoiJXNcbiIKIlxuIgoiQW5nZWdlYmVuZXIgRmlu Z2VycHJpbnQgZsO8ciAlczpcbiIKIiVzXG4iCgojOiAuLi9ndGstZGlhbG9nLmM6MTM5NCAu Li9ndGstdWkuYzo3ODIKbXNnaWQgIlZlcmlmeSBmaW5nZXJwcmludCIKbXNnc3RyICJGaW5n ZXJwcmludCB2ZXJpZml6aWVyZW4iCgojOiAuLi9ndGstZGlhbG9nLmM6MTQyMQojLCBjLWZv cm1hdAptc2dpZCAiQXV0aGVudGljYXRpb24gZnJvbSAlcyIKbXNnc3RyICJBdXRoZW50aWZp emllcnVuZyB2b24gJXMiCgojOiAuLi9ndGstZGlhbG9nLmM6MTQyNAojLCBjLWZvcm1hdApt c2dpZCAiQXV0aGVudGljYXRlICVzIgptc2dzdHIgIiVzIGF1dGhlbnRpZml6aWVyZW4iCgoj OiAuLi9ndGstZGlhbG9nLmM6MTQzNAptc2dpZCAiQXV0aGVudGljYXRlIEJ1ZGR5Igptc2dz dHIgIkJ1ZGR5IGF1dGhlbnRpZml6aWVyZW4iCgojOiAuLi9ndGstZGlhbG9nLmM6MTQ2NQpt c2dpZCAiQW4gZXJyb3Igb2NjdXJyZWQgZHVyaW5nIGF1dGhlbnRpY2F0aW9uLiIKbXNnc3Ry ICJFaW4gRmVobGVyIGlzdCBiZWkgZGVyIEF1dGhlbnRpZml6aWVydW5nIGF1ZmdldHJldGVu LiIKCiM6IC4uL2d0ay1kaWFsb2cuYzoxNDgwCm1zZ2lkICJBdXRoZW50aWNhdGlvbiBzdWNj ZXNzZnVsLiIKbXNnc3RyICJBdXRoZW50aWZpemllcnVuZyBlcmZvbGdyZWljaC4iCgojOiAu Li9ndGstZGlhbG9nLmM6MTQ4Mwptc2dpZCAiIgoiWW91ciBidWRkeSBoYXMgc3VjY2Vzc2Z1 bGx5IGF1dGhlbnRpY2F0ZWQgeW91LiAgWW91IG1heSB3YW50IHRvIGF1dGhlbnRpY2F0ZSAi CiJ5b3VyIGJ1ZGR5IGFzIHdlbGwgYnkgYXNraW5nIHlvdXIgb3duIHF1ZXN0aW9uLiIKbXNn c3RyICIiCiJJaHIgQnVkZHkgaGF0IFNpZSBlcmZvbGdyZWljaCBhdXRoZW50aWZpemllcnQu IFVudGVyIFVtc3TDpG5kZW4gbcO2Y2h0ZW4gU2llICIKImViZW5mYWxscyBlaW5lIEZyYWdl IHN0ZWxsZW4gdW0gSWhyZW4gQnVkZHkgenUgYXV0aGVudGlmaXppZXJlbi4iCgojOiAuLi9n dGstZGlhbG9nLmM6MTQ4OQptc2dpZCAiQXV0aGVudGljYXRpb24gZmFpbGVkLiIKbXNnc3Ry ICJBdXRoZW50aWZpemllcnVuZyBmZWhsZ2VzY2hsYWdlbi4iCgojOiAuLi9ndGstZGlhbG9n LmM6MTUxNwojLCBjLWZvcm1hdAptc2dpZCAiUHJpdmF0ZSBjb252ZXJzYXRpb24gd2l0aCAl cyBzdGFydGVkLiVzIgptc2dzdHIgIlByaXZhdGUgVW50ZXJoYWx0dW5nIG1pdCAlcyBiZWdv bm5lbi4lcyIKCiM6IC4uL2d0ay1kaWFsb2cuYzoxNTIxCiMsIGMtZm9ybWF0Cm1zZ2lkICI8 YSBocmVmPVwiJXMlc1wiPlVudmVyaWZpZWQ8L2E+IGNvbnZlcnNhdGlvbiB3aXRoICUlcyBz dGFydGVkLiUlcyIKbXNnc3RyICIiCiJOaWNodCA8YSBocmVmPVwiJXMlc1wiPnZlcmlmaXpp ZXJ0ZTwvYT4gVW50ZXJoYWx0dW5nIG1pdCAlJXMgYmVnb25uZW4uJSVzIgoKIy4gVGhpcyBs YXN0IGNhc2Ugc2hvdWxkIG5ldmVyIGhhcHBlbiwgc2luY2Ugd2Uga25vdwojLiAqIHdlJ3Jl IGluIEVOQ1JZUFRFRC4KIzogLi4vZ3RrLWRpYWxvZy5jOjE1MjkKIywgYy1mb3JtYXQKbXNn aWQgIk5vdCBwcml2YXRlIGNvbnZlcnNhdGlvbiB3aXRoICVzIHN0YXJ0ZWQuJXMiCm1zZ3N0 ciAiTmljaHQgcHJpdmF0ZSBVbnRlcmhhbHR1bmcgbWl0ICVzIGJlZ29ubmVuLiVzIgoKIzog Li4vZ3RrLWRpYWxvZy5jOjE1MzUgLi4vZ3RrLWRpYWxvZy5jOjE2MzkKbXNnaWQgIiAgV2Fy bmluZzogdXNpbmcgb2xkIHByb3RvY29sIHZlcnNpb24gMS4iCm1zZ3N0ciAiICBXYXJudW5n OiBWZXJ3ZW5kZSB2ZXJhbHRldGUgUHJvdG9rb2xsdmVyc2lvbiAxLiIKCiM6IC4uL2d0ay1k aWFsb2cuYzoxNTU1CiMsIGMtZm9ybWF0Cm1zZ2lkICJQcml2YXRlIGNvbnZlcnNhdGlvbiB3 aXRoICVzIGxvc3QuIgptc2dzdHIgIlByaXZhdGUgVW50ZXJoYWx0dW5nIG1pdCAlcyBhYmdl YnJvY2hlbi4iCgojOiAuLi9ndGstZGlhbG9nLmM6MTU5MgojLCBjLWZvcm1hdAptc2dpZCAi IgoiJXMgaGFzIGVuZGVkIGhpcy9oZXIgcHJpdmF0ZSBjb252ZXJzYXRpb24gd2l0aCB5b3U7 IHlvdSBzaG91bGQgZG8gdGhlIHNhbWUuIgptc2dzdHIgIiIKIiVzIGhhdCBzZWluZS9paHJl IHByaXZhdGUgVW50ZXJoYWx0dW5nIG1pdCBJaG5lbiBiZWVuZGV0LiBTaWUgc29sbHRlbiAi CiJkYXNzZWxiZSB0dW4uIgoKIzogLi4vZ3RrLWRpYWxvZy5jOjE2MTgKIywgYy1mb3JtYXQK bXNnaWQgIlN1Y2Nlc3NmdWxseSByZWZyZXNoZWQgdGhlIHByaXZhdGUgY29udmVyc2F0aW9u IHdpdGggJXMuJXMiCm1zZ3N0ciAiUHJpdmF0ZSBVbnRlcmhhbHR1bmcgbWl0ICVzIGVyZm9s Z3JlaWNoIGFrdHVhbGlzaWVydC4lcyIKCiM6IC4uL2d0ay1kaWFsb2cuYzoxNjIzCiMsIGMt Zm9ybWF0Cm1zZ2lkICIiCiJTdWNjZXNzZnVsbHkgcmVmcmVzaGVkIHRoZSA8YSBocmVmPVwi JXMlc1wiPnVudmVyaWZpZWQ8L2E+IGNvbnZlcnNhdGlvbiB3aXRoICIKIiUlcy4lJXMiCm1z Z3N0ciAiIgoiTmljaHQgPGEgaHJlZj1cIiVzJXNcIj52ZXJpZml6aWVydGU8L2E+IFVudGVy aGFsdHVuZyBtaXQgJSVzIGVyZm9sZ3JlaWNoICIKImFrdHVhbGlzaWVydC4lJXMiCgojLiBU aGlzIGxhc3QgY2FzZSBzaG91bGQgbmV2ZXIgaGFwcGVuLCBzaW5jZSB3ZSBrbm93CiMuICog d2UncmUgaW4gRU5DUllQVEVELgojOiAuLi9ndGstZGlhbG9nLmM6MTYzMgojLCBjLWZvcm1h dAptc2dpZCAiU3VjY2Vzc2Z1bGx5IHJlZnJlc2hlZCB0aGUgbm90IHByaXZhdGUgY29udmVy c2F0aW9uIHdpdGggJXMuJXMiCm1zZ3N0ciAiTmljaHQgcHJpdmF0ZSBVbnRlcmhhbHR1bmcg bWl0ICVzIGVyZm9sZ3JlaWNoIGFrdHVhbGlzaWVydC4lcyIKCiM6IC4uL2d0ay1kaWFsb2cu YzoxNjY0CiMsIGMtZm9ybWF0Cm1zZ2lkICJBdHRlbXB0aW5nIHRvIHJlZnJlc2ggdGhlIHBy aXZhdGUgY29udmVyc2F0aW9uIHdpdGggJXMuLi4iCm1zZ3N0ciAiVmVyc3VjaGUsIGRpZSBw cml2YXRlIFVudGVyaGFsdHVuZyBtaXQgJXMgenUgYWt0dWFsaXNpZXJlbi4uLiIKCiM6IC4u L2d0ay1kaWFsb2cuYzoxNjY2CiMsIGMtZm9ybWF0Cm1zZ2lkICJBdHRlbXB0aW5nIHRvIHN0 YXJ0IGEgcHJpdmF0ZSBjb252ZXJzYXRpb24gd2l0aCAlcy4uLiIKbXNnc3RyICJWZXJzdWNo ZSwgZWluZSBwcml2YXRlIFVudGVyaGFsdHVuZyBtaXQgJXMgenUgYmVnaW5uZW4uLi4iCgoj OiAuLi9ndGstZGlhbG9nLmM6MTgxNQptc2dpZCAiUmVfYXV0aGVudGljYXRlIGJ1ZGR5Igpt c2dzdHIgIkJ1ZGR5IGVybmV1dCBfYXV0aGVudGlmaXppZXJlbiIKCiMuCiMuICogRG9uJ3Qg c2hvdyB0aGUgVmVyaWZ5IGZpbmdlcnByaW50IG1lbnUgb3B0aW9uIGFueSBtb3JlLiAgWW91 IGNhbgojLiAqIHN0aWxsIGdldCB0byB0aGUgZGlhbG9nIHRocm91Z2ggQXV0aGVudGljYXRl IGNvbm5lY3Rpb24gLT4KIy4gKiBBZHZhbmNlZC4uLgojLiAqCiMuIG1lbnV2ZXJmID0gZ3Rr X21lbnVfaXRlbV9uZXdfd2l0aF9tbmVtb25pYyhfKCJfVmVyaWZ5IGZpbmdlcnByaW50Iikp OwojLiBndGtfbWVudV9zaGVsbF9hcHBlbmQoR1RLX01FTlVfU0hFTEwobWVudSksIG1lbnV2 ZXJmKTsKIy4gZ3RrX3dpZGdldF9zaG93KG1lbnV2ZXJmKTsKIy4KIzogLi4vZ3RrLWRpYWxv Zy5jOjE4MTYgLi4vZ3RrLWRpYWxvZy5jOjE5MTIgLi4vZ3RrLWRpYWxvZy5jOjIzMzUKbXNn aWQgIl9BdXRoZW50aWNhdGUgYnVkZHkiCm1zZ3N0ciAiQnVkZHkgX2F1dGhlbnRpZml6aWVy ZW4iCgojOiAuLi9ndGstZGlhbG9nLmM6MTg1NyAuLi9ndGstZGlhbG9nLmM6MjEzMAptc2dp ZCAiTm90IFByaXZhdGUiCm1zZ3N0ciAiTmljaHQgcHJpdmF0IgoKIzogLi4vZ3RrLWRpYWxv Zy5jOjE4NzkgLi4vZ3RrLWRpYWxvZy5jOjIzNTIKbXNnaWQgIl9XaGF0J3MgdGhpcz8iCm1z Z3N0ciAiX1dhcyBpc3QgZGFzPyIKCiM6IC4uL2d0ay1kaWFsb2cuYzoxOTExIC4uL2d0ay1k aWFsb2cuYzoyMzE3Cm1zZ2lkICJfRW5kIHByaXZhdGUgY29udmVyc2F0aW9uIgptc2dzdHIg IlByaXZhdGUgVW50ZXJoYWx0dW5nIGJlX2VuZGVuIgoKIzogLi4vZ3RrLWRpYWxvZy5jOjIx MjYKIywgYy1mb3JtYXQKbXNnaWQgIiIKIlRoZSBwcml2YWN5IHN0YXR1cyBvZiB0aGUgY3Vy cmVudCBjb252ZXJzYXRpb24gaXMgbm93OiA8YSBocmVmPVwiJXMlc1wiPiVzPC8iCiJhPiIK bXNnc3RyICIiCiJEZXIgU3RhdHVzIGRlciBha3R1ZWxsZW4gVW50ZXJoYWx0dW5nIGlzdCBq ZXR6dDogPGEgaHJlZj1cIiVzJXNcIj4lczwvYT4iCgojOiAuLi9ndGstZGlhbG9nLmM6MjI5 MAptc2dpZCAiT1RSOiIKbXNnc3RyICJPVFI6IgoKIzogLi4vZ3RrLWRpYWxvZy5jOjIzMTAK bXNnaWQgIk9UUiBNZXNzYWdpbmciCm1zZ3N0ciAiT1RSIE1lc3NhZ2luZyIKCiM6IC4uL2d0 ay11aS5jOjEwMgojLCBjLWZvcm1hdAptc2dpZCAiRmluZ2VycHJpbnQ6ICUuODBzIgptc2dz dHIgIkZpbmdlcnByaW50OiAlLjgwcyIKCiM6IC4uL2d0ay11aS5jOjEwNgojLCBjLWZvcm1h dAptc2dpZCAiTm8ga2V5IHByZXNlbnQiCm1zZ3N0ciAiS2VpbiBTY2hsw7xzc2VsIHZvcmhh bmRlbiIKCiM6IC4uL2d0ay11aS5jOjExMQojLCBjLWZvcm1hdAptc2dpZCAiTm8gYWNjb3Vu dCBhdmFpbGFibGUiCm1zZ3N0ciAiS2VpbmUgS29udGVuIHZlcmbDvGdiYXIiCgojOiAuLi9n dGstdWkuYzoxNzEKbXNnaWQgIlVudXNlZCIKbXNnc3RyICJVbmJlbnV0enQiCgojOiAuLi9n dGstdWkuYzoxNzcKbXNnaWQgIlllcyIKbXNnc3RyICJKYSIKCiM6IC4uL2d0ay11aS5jOjE3 Nwptc2dpZCAiTm8iCm1zZ3N0ciAiTmVpbiIKCiM6IC4uL2d0ay11aS5jOjQwMwptc2dpZCAi RW5hYmxlIHByaXZhdGUgbWVzc2FnaW5nIgptc2dzdHIgIlByaXZhdGVuIE5hY2hyaWNodGVu dmVyc2FuZCBha3RpdmllcmVuIgoKIzogLi4vZ3RrLXVpLmM6NDA1Cm1zZ2lkICJBdXRvbWF0 aWNhbGx5IGluaXRpYXRlIHByaXZhdGUgbWVzc2FnaW5nIgptc2dzdHIgIlByaXZhdGVuIE5h Y2hyaWNodGVudmVyc2FuZCBhdXRvbWF0aXNjaCBha3RpdmllcmVuIgoKIzogLi4vZ3RrLXVp LmM6NDA3Cm1zZ2lkICJSZXF1aXJlIHByaXZhdGUgbWVzc2FnaW5nIgptc2dzdHIgIlByaXZh dGVuIE5hY2hyaWNodGVudmVyc2FuZCBlcnp3aW5nZW4iCgojOiAuLi9ndGstdWkuYzo0MTAK bXNnaWQgIkRvbid0IGxvZyBPVFIgY29udmVyc2F0aW9ucyIKbXNnc3RyICJPVFItVW50ZXJo YWx0dW5nZW4gbmljaHQgc3BlaWNoZXJuIgoKIzogLi4vZ3RrLXVpLmM6NDU0Cm1zZ2lkICJT aG93IE9UUiBidXR0b24iCm1zZ3N0ciAiT1RSLUJ1dHRvbiBhbnplaWdlbiIKCiM6IC4uL2d0 ay11aS5jOjQ1Nwptc2dpZCAiU2hvdyBPVFIgYnV0dG9uIGluIHRvb2xiYXIiCm1zZ3N0ciAi T1RSLUJ1dHRvbiBpbiBTeW1ib2xsZWlzdGUgYW56ZWlnZW4iCgojOiAuLi9ndGstdWkuYzo2 MDEKbXNnaWQgIk15IHByaXZhdGUga2V5cyIKbXNnc3RyICJNZWluZSBwcml2YXRlbiBTY2hs w7xzc2VsIgoKIzogLi4vZ3RrLXVpLmM6NjEwCm1zZ2lkICJLZXkgZm9yIGFjY291bnQ6Igpt c2dzdHIgIlNjaGzDvHNzZWwgZsO8ciBLb250bzoiCgojOiAuLi9ndGstdWkuYzo2MzUKbXNn aWQgIkdlbmVyYXRlIgptc2dzdHIgIkdlbmVyaWVyZW4iCgojOiAuLi9ndGstdWkuYzo2NzYK bXNnaWQgIkRlZmF1bHQgT1RSIFNldHRpbmdzIgptc2dzdHIgIlN0YW5kYXJkIE9UUi1FaW5z dGVsbHVuZ2VuIgoKIzogLi4vZ3RrLXVpLmM6NzAzCm1zZ2lkICJPVFIgVUkgT3B0aW9ucyIK bXNnc3RyICJPVFItRXJzY2hlaW51bmdzYmlsZCIKCiM6IC4uL2d0ay11aS5jOjcyNgptc2dp ZCAiU2NyZWVubmFtZSIKbXNnc3RyICJTcGl0em5hbWUiCgojOiAuLi9ndGstdWkuYzo3MjcK bXNnaWQgIlN0YXR1cyIKbXNnc3RyICJTdGF0dXMiCgojOiAuLi9ndGstdWkuYzo3MjgKbXNn aWQgIlZlcmlmaWVkIgptc2dzdHIgIlZlcmlmaXppZXJ0IgoKIzogLi4vZ3RrLXVpLmM6NzI5 Cm1zZ2lkICJGaW5nZXJwcmludCIKbXNnc3RyICJGaW5nZXJwcmludCIKCiM6IC4uL2d0ay11 aS5jOjczMAptc2dpZCAiQWNjb3VudCIKbXNnc3RyICJLb250byIKCiM6IC4uL2d0ay11aS5j Ojc2Ngptc2dpZCAiU3RhcnQgcHJpdmF0ZSBjb25uZWN0aW9uIgptc2dzdHIgIlByaXZhdGUg VW50ZXJoYWx0dW5nIHN0YXJ0ZW4iCgojOiAuLi9ndGstdWkuYzo3NzQKbXNnaWQgIkVuZCBw cml2YXRlIGNvbm5lY3Rpb24iCm1zZ3N0ciAiUHJpdmF0ZSBVbnRlcmhhbHR1bmcgYmVlbmRl biIKCiM6IC4uL2d0ay11aS5jOjc5MAptc2dpZCAiRm9yZ2V0IGZpbmdlcnByaW50Igptc2dz dHIgIkZpbmdlcnByaW50IHZlcmdlc3NlbiIKCiM6IC4uL2d0ay11aS5jOjg0MQptc2dpZCAi Q29uZmlnIgptc2dzdHIgIktvbmZpZ3VyYXRpb24iCgojOiAuLi9ndGstdWkuYzo4NDMKbXNn aWQgIktub3duIGZpbmdlcnByaW50cyIKbXNnc3RyICJCZWthbm50ZSBGaW5nZXJwcmludHMi CgojOiAuLi9ndGstdWkuYzo5NDEgLi4vb3RyLXBsdWdpbi5jOjYwNgptc2dpZCAiT1RSIFNl dHRpbmdzIgptc2dzdHIgIk9UUi1FaW5zdGVsbHVuZ2VuIgoKIy4gU2V0IHRoZSB0aXRsZQoj OiAuLi9ndGstdWkuYzo5NTkKIywgYy1mb3JtYXQKbXNnaWQgIk9UUiBTZXR0aW5ncyBmb3Ig JXMiCm1zZ3N0ciAiT1RSLUVpbnN0ZWxsdW5nZW4gZsO8ciAlcyIKCiMuIE1ha2UgdGhlIGNh c2NhZGVkIGNoZWNrYm94ZXMKIzogLi4vZ3RrLXVpLmM6OTc2Cm1zZ2lkICJVc2UgZGVmYXVs dCBPVFIgc2V0dGluZ3MgZm9yIHRoaXMgYnVkZHkiCm1zZ3N0ciAiU3RhbmRhcmQgT1RSLUVp bnN0ZWxsdW5nZW4gZsO8ciBkaWVzZW4gQnVkZHkgdmVyd2VuZGVuIgoKIzogLi4vb3RyLXBs dWdpbi5jOjExNAojLCBjLWZvcm1hdAptc2dpZCAiWW91IGFyZSBub3QgY3VycmVudGx5IGNv bm5lY3RlZCB0byBhY2NvdW50ICVzICglcykuIgptc2dzdHIgIlNpZSBzaW5kIG1vbWVudGFu IG5pY2h0IG1pdCBLb250byAlcyB2ZXJidW5kZW4oJXMpLiIKCiM6IC4uL290ci1wbHVnaW4u YzoxMTgKbXNnaWQgIk5vdCBjb25uZWN0ZWQiCm1zZ3N0ciAiTmljaHQgdmVyYnVuZGVuIgoK IzogLi4vb3RyLXBsdWdpbi5jOjE2MgojLCBjLWZvcm1hdAptc2dpZCAiT3V0IG9mIG1lbW9y eSBidWlsZGluZyBmaWxlbmFtZXMhXG4iCm1zZ3N0ciAiS2VpbiBTcGVpY2hlciB6dW0gRXJz dGVsbGVuIHZvbiBEYXRlaW5hbWVuIVxuIgoKIzogLi4vb3RyLXBsdWdpbi5jOjE2OAojLCBj LWZvcm1hdAptc2dpZCAiQ291bGQgbm90IHdyaXRlIHByaXZhdGUga2V5IGZpbGVcbiIKbXNn c3RyICJLb25udGUgbmljaHQgaW4gZGllIFByaXZhdGUtU2NobMO8c3NlbC1EYXRlaSBzY2hy ZWliZW5cbiIKCiM6IC4uL290ci1wbHVnaW4uYzoyMTEKIywgYy1mb3JtYXQKbXNnaWQgIlVu a25vd24gYWNjb3VudCAlcyAoJXMpLiIKbXNnc3RyICJVbmJla2FubnRlcyBLb250byAlcyAo JXMpLiIKCiM6IC4uL290ci1wbHVnaW4uYzoyMTUKbXNnaWQgIlVua25vd24gYWNjb3VudCIK bXNnc3RyICJVbmJla2FubnRlcyBLb250byIKCiM6IC4uL290ci1wbHVnaW4uYzo5ODMKbXNn aWQgIk9mZi10aGUtUmVjb3JkIE1lc3NhZ2luZyIKbXNnc3RyICJPZmYtdGhlLVJlY29yZCBN ZXNzYWdpbmciCgojOiAuLi9vdHItcGx1Z2luLmM6OTg0Cm1zZ2lkICJQcm92aWRlcyBwcml2 YXRlIGFuZCBzZWN1cmUgY29udmVyc2F0aW9ucyIKbXNnc3RyICJFcm3DtmdsaWNodCBwcml2 YXRlIHVuZCBzaWNoZXJlIFVudGVyaGFsdHVuZ2VuIgoKIzogLi4vb3RyLXBsdWdpbi5jOjk4 NQptc2dpZCAiIgoiUHJlc2VydmVzIHRoZSBwcml2YWN5IG9mIElNIGNvbW11bmljYXRpb25z IGJ5IHByb3ZpZGluZyBlbmNyeXB0aW9uLCAiCiJhdXRoZW50aWNhdGlvbiwgZGVuaWFiaWxp dHksIGFuZCBwZXJmZWN0IGZvcndhcmQgc2VjcmVjeS4iCm1zZ3N0ciAiIgoiQmV3YWhydCBk aWUgVmVydHJhdWxpY2hrZWl0IHZvbiBJTS1VbnRlcmhhbHR1bmdlbiBkdXJjaCBWZXJzY2hs w7xzc2VsdW5nLCAiCiJBdXRoZW50aWZpemllcnVuZywgR2xhdWJoYWZ0ZSBCZXN0cmVpdGJh cmtlaXQgdW5kIFBlcmZlY3QgRm9yd2FyZCBTZWNyZWN5LiIKCiM6IC4uL3VpLmM6MTA5CiMs IGMtZm9ybWF0Cm1zZ2lkICJBY2NvdW50ICVzICglcykgY291bGQgbm90IGJlIGZvdW5kIgpt c2dzdHIgIktvbnRvICVzICglcykga29ubnRlIG5pY2h0IGdlZnVuZGVuIHdlcmRlbiIKCiM6 IC4uL3VpLmM6MTEzCm1zZ2lkICJBY2NvdW50IG5vdCBmb3VuZCIKbXNnc3RyICJLb250byBu aWNodCBnZWZ1bmRlbiIKCiN+IG1zZ2lkICIiCiN+ICJJZiB5b3VyIGJ1ZGR5IGhhcyBtb3Jl IHRoYW4gb25lIElNIGFjY291bnQsIG9yIHVzZXMgbW9yZSB0aGFuIG9uZSAiCiN+ICJjb21w dXRlciwgaGUgbWF5IGhhdmUgbXVsdGlwbGUgZmluZ2VycHJpbnRzLiIKI34gbXNnc3RyICIi CiN+ICJTb2xsdGUgSWhyIEJ1ZGR5IG1laHIgYWxzIGVpbiBJTS1Lb250byBvZGVyIG1laHJl cmUgQ29tcHV0ZXIgdmVyd2VuZGVuLCAiCiN+ICJrYW5uIGVyIG1laHIgYWxzIGVpbmVuIEZp bmdlcnByaW50IGhhYmVuLiIKCiN+IG1zZ2lkICIiCiN+ICJIb3dldmVyLCB0aGUgb25seSB3 YXkgYW4gaW1wb3N0ZXIgY291bGQgZHVwbGljYXRlIG9uZSBvZiB5b3VyIGJ1ZGR5J3MgIgoj fiAiZmluZ2VycHJpbnRzIGlzIGJ5IHN0ZWFsaW5nIGluZm9ybWF0aW9uIGZyb20gaGVyL2hp cyBjb21wdXRlci4iCiN+IG1zZ3N0ciAiIgojfiAiRGllIGVpbnppZ2UgTcO2Z2xpY2hrZWl0 IGbDvHIgZWluZW4gSG9jaHN0YXBsZXIsIGRpZSBGaW5nZXJwcmludHMgSWhyZXMgIgojfiAi QnVkZHlzIHp1IGtvcGllcmVuIGlzdCBkYXMgU3RlaGxlbiBkZXIgSW5mb3JtYXRpb25lbiB2 b24gc2VpbmVtL2locmVtICIKI34gIkNvbXB1dGVyLiIKCiN+IG1zZ2lkICJDbGljayBoZXJl IGZvciBtb3JlIGluZm9ybWF0aW9uIGFib3V0IGZpbmdlcnByaW50cy4iCiN+IG1zZ3N0ciAi S2xpY2tlbiBTaWUgaGllciBmw7xyIHp1c8OkdHpsaWNoZSBJbmZvcm1hdGlvbmVuIMO8YmVy IEZpbmdlcnByaW50cy4iCgojfiBtc2dpZCAiIgojfiAiQSA8Yj5maW5nZXJwcmludDwvYj4g aXMgYSB1bmlxdWUgaWRlbnRpZmllciB0aGF0IHlvdSBzaG91bGQgdXNlIHRvICIKI34gImF1 dGhlbnRpY2F0ZSB5b3VyIGJ1ZGR5LiIKI34gbXNnc3RyICIiCiN+ICJFaW4gPGI+RmluZ2Vy cHJpbnQ8L2I+IGlzdCBlaW4gZWlubWFsaWdlcyBJZGVudGlmaXppZXJ1bmdzbWVya21hbCwg ZGFzICIKI34gIlNpZSB2ZXJ3ZW5kZW4gc29sbHRlbiwgdW0gSWhyZW4gQnVkZHkgenUgYXV0 aGVudGlmaXppZXJlbi4iCg== --------------030704080705050105070606-- From ian@cypherpunks.ca Tue Jun 17 16:52:03 2008 From: ian@cypherpunks.ca (Ian Goldberg) Date: Tue, 17 Jun 2008 11:52:03 -0400 Subject: [OTR-users] Re: [OTR-announce] pidgin-otr 3.2.0 released In-Reply-To: <48578ACE.5000800@code.mmsources.de> References: <20080615211439.GA11298@yoink.cs.uwaterloo.ca> <20080616114215.GB24909@yoink.cs.uwaterloo.ca> <48578ACE.5000800@code.mmsources.de> Message-ID: <20080617155203.GG6787@thunk.cs.uwaterloo.ca> On Tue, Jun 17, 2008 at 11:58:38AM +0200, Michael Meier wrote: > > >>When you are "private" (eg you have authenticated the other end), the > >>menu shows "Authenticate user". It implies (wrongly) that the user was > >>not yet authenticated. Can that be changed to "Re-authenticate user"? > >> > > > >We can probably do that. > > > Hello, > > attached is the latest revision of de.po to keep it up to date with this > change. Thanks! - Ian From gdt@ir.bbn.com Tue Jun 17 18:28:53 2008 From: gdt@ir.bbn.com (Greg Troxel) Date: Tue, 17 Jun 2008 13:28:53 -0400 Subject: [OTR-users] pidgin-otr 3.2.0 released In-Reply-To: <20080615211439.GA11298@yoink.cs.uwaterloo.ca> (Ian Goldberg's message of "Sun, 15 Jun 2008 17:14:39 -0400") References: <20080615211439.GA11298@yoink.cs.uwaterloo.ca> Message-ID: We are pleased to announce the release of pidgin-otr 3.2.0 (along with libotr 3.2.0). I have updated pkgsrc (NetBSD and others) to 3.2.0, and it seems to run fine. nit: the word "OTR" and the icon in the chat window appear to each be a menu item, with the same contents, but I expected to have instead a single menu item with text and an icon. From ian@cypherpunks.ca Tue Jun 17 21:32:06 2008 From: ian@cypherpunks.ca (Ian Goldberg) Date: Tue, 17 Jun 2008 16:32:06 -0400 Subject: [OTR-users] pidgin-otr 3.2.0 released In-Reply-To: References: <20080615211439.GA11298@yoink.cs.uwaterloo.ca> Message-ID: <20080617203206.GP6787@thunk.cs.uwaterloo.ca> On Tue, Jun 17, 2008 at 01:28:53PM -0400, Greg Troxel wrote: > We are pleased to announce the release of pidgin-otr 3.2.0 (along with > libotr 3.2.0). > > I have updated pkgsrc (NetBSD and others) to 3.2.0, and it seems to run > fine. > > nit: the word "OTR" and the icon in the chat window appear to each be a > menu item, with the same contents, but I expected to have instead a > single menu item with text and an icon. It's that way because you might have multiple conversations going on at the same time in the same window (if you have a merged contact), with different OTR statuses. The "OTR" menu is the currently active conversation, but they'll all have their own menus, headed by the appropriate icon. - Ian From alex323@gmail.com Wed Jun 18 15:07:04 2008 From: alex323@gmail.com (Alex) Date: Wed, 18 Jun 2008 10:07:04 -0400 Subject: [OTR-users] OTR in jeopardy? Message-ID: <20080618100704.5f92aa33@mx.google.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 http://www.pcworld.com/businesscenter/article/147220/ibms_cellbased_roadrunner_supercomputer_is_worlds_fastest.html I think we have something to worry about now. I guess nothing beats a good ol' OTP. - -- Alex -----BEGIN PGP SIGNATURE----- iF4EAREKAAYFAkhZFp4ACgkQYOjBOUora20ikAD9Hi/6kNJDrRfoCcsddgiu7sJw bdRNArb1k3xI2qg3AQAA/3SSI6oX8ztMdoMNlMblr/2I4d0+0m9aDTamFvbm/qXG =y3g3 -----END PGP SIGNATURE----- From d235j.1@gmail.com Wed Jun 18 21:34:17 2008 From: d235j.1@gmail.com (David Ryskalczyk) Date: Wed, 18 Jun 2008 16:34:17 -0400 Subject: [OTR-users] OTR with PortableApps.com Pidgin Message-ID: <97a2442e0806181334hef038dfr60df725d376a1e1c@mail.gmail.com> ------=_Part_5000_21234114.1213821257980 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline You can extract the OTR-Portable installer with 7-zip to see what files are inside. Also, the installer nicely places the NSI script in PidginPortable\Other\Source\PidginPortable.nsi. hope this helps. ------=_Part_5000_21234114.1213821257980 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline
You can extract the OTR-Portable installer with 7-zip to see what files are inside. Also, the installer nicely places the NSI script in PidginPortable\Other\Source\PidginPortable.nsi.
 
hope this helps.
------=_Part_5000_21234114.1213821257980-- From joachim.lomeier@web.de Wed Jun 18 22:51:23 2008 From: joachim.lomeier@web.de (Joachim Lomeier) Date: Wed, 18 Jun 2008 23:51:23 +0200 Subject: [OTR-users] Plugin or scriptlet for SamePlace? Message-ID: <721176338@web.de> Hi, it would be great, if someone could provide an OTR extentions or scriptlet for SamePlace (IM extension for Firefox). Website: http://www.sameplace.cc/ Regards, Joachim _________________________________________________________________________ In 5 Schritten zur eigenen Homepage. Jetzt Domain sichern und gestalten! Nur 3,99 EUR/Monat! http://www.maildomain.web.de/?mc=021114 From ian@cypherpunks.ca Wed Jun 18 23:37:08 2008 From: ian@cypherpunks.ca (Ian Goldberg) Date: Wed, 18 Jun 2008 18:37:08 -0400 Subject: [OTR-users] OTR in jeopardy? In-Reply-To: <20080618100704.5f92aa33@mx.google.com> References: <20080618100704.5f92aa33@mx.google.com> Message-ID: <20080618223708.GD6417@yoink.cs.uwaterloo.ca> On Wed, Jun 18, 2008 at 10:07:04AM -0400, Alex wrote: > http://www.pcworld.com/businesscenter/article/147220/ibms_cellbased_roadrunner_supercomputer_is_worlds_fastest.html > I think we have something to worry about now. I guess nothing beats a > good ol' OTP. Even generously giving that computer the ability to search 2^50 keys per second, you do realize that 2^128 is much, much bigger than 2^50, right? :-) Lots of things beat good ol' OTP in practice, because of OTP's unreasonable keying requirements. - Ian From ian@cypherpunks.ca Wed Jun 18 23:39:50 2008 From: ian@cypherpunks.ca (Ian Goldberg) Date: Wed, 18 Jun 2008 18:39:50 -0400 Subject: [OTR-users] Plugin or scriptlet for SamePlace? In-Reply-To: <721176338@web.de> References: <721176338@web.de> Message-ID: <20080618223950.GE6417@yoink.cs.uwaterloo.ca> On Wed, Jun 18, 2008 at 11:51:23PM +0200, Joachim Lomeier wrote: > Hi, > > it would be great, if someone could provide an OTR extentions or > scriptlet for SamePlace (IM extension for Firefox). > > Website: http://www.sameplace.cc/ Wouldn't someone have to write OTR (and all the underlying crypto) in Javascript? That sounds like quite a task. :-) - Ian From a.sporto+bee@gmail.com Thu Jun 19 00:03:42 2008 From: a.sporto+bee@gmail.com (Uli M) Date: Wed, 18 Jun 2008 23:03:42 +0000 (UTC) Subject: [OTR-users] irssi-otr 0.1 released Message-ID: Hi everyone, irssi-otr[1] is a module for the irssi IRC client. It is most useful in combination with the IM-to-IRC-gateway bitlbee[2] but can also be used with standard IRC servers. You can download a snapshot or check out the git repo. Packages for various distros will be available soon. Thanks, Uli [1] http://projects.tuxfamily.org/group.pl?name=irssiotr [2] http://www.bitlbee.org From perrin@apotheon.com Thu Jun 19 08:29:41 2008 From: perrin@apotheon.com (Chad Perrin) Date: Thu, 19 Jun 2008 01:29:41 -0600 Subject: [OTR-users] irssi-otr 0.1 released In-Reply-To: References: Message-ID: <20080619072941.GA7989@kokopelli.hydra> --x+6KMIRAuhnl3hBn Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Jun 18, 2008 at 11:03:42PM +0000, Uli M wrote: > Hi everyone, >=20 > irssi-otr[1] is a module for the irssi IRC client. It is most useful > in combination with the IM-to-IRC-gateway bitlbee[2] but can also be > used with standard IRC servers. You can download a snapshot or check > out the git repo. Packages for various distros will be available soon. Does that include a port for FreeBSD? --=20 Chad Perrin [ content licensed PDL: http://pdl.apotheon.org ] Thomas McCauley: "The measure of a man's real character is what he would do if he knew he would never be found out." --x+6KMIRAuhnl3hBn Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (FreeBSD) iEYEARECAAYFAkhaCuUACgkQ9mn/Pj01uKXBugCglxI4ie8wi6nlpnS0ZwzmqEYK nZ4An3/rJ9lfZ4AxhgN2XD+xLfHq8OZ7 =7aN3 -----END PGP SIGNATURE----- --x+6KMIRAuhnl3hBn-- From a.sporto+bee@gmail.com Thu Jun 19 14:58:17 2008 From: a.sporto+bee@gmail.com (Uli M) Date: Thu, 19 Jun 2008 13:58:17 +0000 (UTC) Subject: [OTR-users] Re: irssi-otr 0.1 released References: <20080619072941.GA7989@kokopelli.hydra> Message-ID: On 2008-06-19, Chad Perrin wrote: > > --x+6KMIRAuhnl3hBn > Content-Type: text/plain; charset=us-ascii > Content-Disposition: inline > Content-Transfer-Encoding: quoted-printable > > On Wed, Jun 18, 2008 at 11:03:42PM +0000, Uli M wrote: >> Hi everyone, >> >> irssi-otr[1] is a module for the irssi IRC client. It is most useful >> in combination with the IM-to-IRC-gateway bitlbee[2] but can also be >> used with standard IRC servers. You can download a snapshot or check >> out the git repo. Packages for various distros will be available soon. > > Does that include a port for FreeBSD? Currently, I have no volunteers that would do a FreeBSD port. However, I can tell you that irssi-otr does work on FreeBSD 7, I know someone who's happy with it. If you want to compile it from source there are (besides irssi) two major dependencies: 1. libotr >= 3.1.0. FreeBSD port here [1]. 2. cmake >= 2.4. FreeBSD port here [2]. See also the INSTALL file [3]. Should be straight forward. Let me know if it works for you. Thanks, Uli [1] http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/libotr/ [2] http://www.freebsd.org/cgi/cvsweb.cgi/ports/devel/cmake/ [3] http://git.tuxfamily.org/irssiotr/irssiotr.git?p=gitroot/irssiotr/irssiotr.git;a=blob_plain;f=INSTALL;hb=HEAD From ian@cypherpunks.ca Thu Jun 19 15:14:59 2008 From: ian@cypherpunks.ca (Ian Goldberg) Date: Thu, 19 Jun 2008 10:14:59 -0400 Subject: [OTR-users] List of OTR-aware software Message-ID: <20080619141459.GI26418@thunk.cs.uwaterloo.ca> I'm making a web page of OTR-aware software: http://www.cypherpunks.ca/otr/software.php If you know of any that isn't on that list, please reply to this message and tell me about it. (Please include a URL.) Thanks! - Ian From mwgamera@gmail.com Thu Jun 19 15:23:47 2008 From: mwgamera@gmail.com (mwgamera) Date: Thu, 19 Jun 2008 16:23:47 +0200 Subject: [OTR-users] List of OTR-aware software In-Reply-To: <20080619141459.GI26418@thunk.cs.uwaterloo.ca> References: <20080619141459.GI26418@thunk.cs.uwaterloo.ca> Message-ID: On Thu, Jun 19, 2008 at 4:14 PM, Ian Goldberg wrote: > If you know of any that isn't on that list, please reply to this message > and tell me about it. (Please include a URL.) mcabber is a jabber client that supports otr out of the box. http://lilotux.net/~mikael/mcabber/ -- Kacper Gutowski. From ian@cypherpunks.ca Thu Jun 19 15:27:57 2008 From: ian@cypherpunks.ca (Ian Goldberg) Date: Thu, 19 Jun 2008 10:27:57 -0400 Subject: [OTR-users] List of OTR-aware software In-Reply-To: References: <20080619141459.GI26418@thunk.cs.uwaterloo.ca> Message-ID: <20080619142757.GJ26418@thunk.cs.uwaterloo.ca> On Thu, Jun 19, 2008 at 04:23:47PM +0200, mwgamera wrote: > On Thu, Jun 19, 2008 at 4:14 PM, Ian Goldberg wrote: > > If you know of any that isn't on that list, please reply to this message > > and tell me about it. (Please include a URL.) > > mcabber is a jabber client that supports otr out of the box. > http://lilotux.net/~mikael/mcabber/ Added, thanks! - Ian From paul@xelerance.com Thu Jun 19 15:40:51 2008 From: paul@xelerance.com (Paul Wouters) Date: Thu, 19 Jun 2008 10:40:51 -0400 (EDT) Subject: [OTR-users] irssi-otr 0.1 released In-Reply-To: References: Message-ID: On Wed, 18 Jun 2008, Uli M wrote: > irssi-otr[1] is a module for the irssi IRC client. It is most useful > in combination with the IM-to-IRC-gateway bitlbee[2] but can also be > used with standard IRC servers. You can download a snapshot or check > out the git repo. Packages for various distros will be available soon. Cool. I'll create an rpm for inclusion into fedora (as I'm already the maintainer for all other otr related packages :) I tried it, but seem to run into some issues: (10:33:41 AM) letootr: test (10:34:46 AM) LetoTo: test (10:35:43 AM) LetoTo: test (10:35:53 AM) Attempting to start a private conversation with letootr... (10:36:30 AM) letootr has not been authenticated yet. You should authenticate this buddy. [Image] (10:36:30 AM) Unverified conversation with letootr started. (10:36:37 AM) Successfully refreshed the unverified conversation with letootr. (10:37:22 AM) LetoTo: test (10:37:22 AM) OTR Error: You sent encrypted data to letootr@irc.freenode.net, who wasn't expecting it. (10:37:22 AM) LetoTo: test (10:37:31 AM) OTR Error: You sent encrypted data to letootr@irc.freenode.net, who wasn't expecting it. (10:37:40 AM) Successfully refreshed the unverified conversation with letootr. (10:37:40 AM) The last message to letootr was resent. (10:37:51 AM) The following message received from letootr was not encrypted: [test] (10:37:58 AM) OTR Error: You sent encrypted data to letootr@irc.freenode.net, who wasn't expecting it. I tried refreshing on gaim, and then i seem to get into a slow loop: (10:39:47 AM) The last message to letootr was resent. (10:39:52 AM) The following message received from letootr was not encrypted: [test] (10:39:54 AM) OTR Error: You sent encrypted data to letootr@irc.freenode.net, who wasn't expecting it. (10:40:02 AM) Attempting to refresh the private conversation with letootr... (10:40:11 AM) Successfully refreshed the unverified conversation with letootr. (10:40:11 AM) The last message to letootr was resent. (10:40:25 AM) OTR Error: You sent encrypted data to letootr@irc.freenode.net, who wasn't expecting it. (10:40:35 AM) Successfully refreshed the unverified conversation with letootr. (10:40:35 AM) The last message to letootr was resent. Paul From paul@xelerance.com Thu Jun 19 15:48:37 2008 From: paul@xelerance.com (Paul Wouters) Date: Thu, 19 Jun 2008 10:48:37 -0400 (EDT) Subject: [OTR-users] List of OTR-aware software In-Reply-To: <20080619141459.GI26418@thunk.cs.uwaterloo.ca> References: <20080619141459.GI26418@thunk.cs.uwaterloo.ca> Message-ID: On Thu, 19 Jun 2008, Ian Goldberg wrote: > I'm making a web page of OTR-aware software: > > http://www.cypherpunks.ca/otr/software.php > > If you know of any that isn't on that list, please reply to this message > and tell me about it. (Please include a URL.) The Fedora entry/url you post also lists the package for RHEL, and thus for CentOS too. Paul From paul@cypherpunks.ca Thu Jun 19 16:15:52 2008 From: paul@cypherpunks.ca (Paul Wouters) Date: Thu, 19 Jun 2008 11:15:52 -0400 (EDT) Subject: [OTR-users] List of OTR-aware software In-Reply-To: <20080619141459.GI26418@thunk.cs.uwaterloo.ca> References: <20080619141459.GI26418@thunk.cs.uwaterloo.ca> Message-ID: On Thu, 19 Jun 2008, Ian Goldberg wrote: > I'm making a web page of OTR-aware software: > > http://www.cypherpunks.ca/otr/software.php > > If you know of any that isn't on that list, please reply to this message > and tell me about it. (Please include a URL.) Also: Python bindings for OTR http://pyotr.pentabarf.de/ Paul From paul@cypherpunks.ca Thu Jun 19 16:19:34 2008 From: paul@cypherpunks.ca (Paul Wouters) Date: Thu, 19 Jun 2008 11:19:34 -0400 (EDT) Subject: [OTR-users] List of OTR-aware software In-Reply-To: <20080619141459.GI26418@thunk.cs.uwaterloo.ca> References: <20080619141459.GI26418@thunk.cs.uwaterloo.ca> Message-ID: > I'm making a web page of OTR-aware software: > > http://www.cypherpunks.ca/otr/software.php > > If you know of any that isn't on that list, please reply to this message > and tell me about it. (Please include a URL.) Sorry :) PSI plugin http://public.tfh-berlin.de/~s717689/ (PSi is http://psi-im.org/) Paul From david@graniteweb.com Thu Jun 19 16:29:25 2008 From: david@graniteweb.com (David Rock) Date: Thu, 19 Jun 2008 10:29:25 -0500 Subject: [OTR-users] List of OTR-aware software In-Reply-To: <20080619141459.GI26418@thunk.cs.uwaterloo.ca> References: <20080619141459.GI26418@thunk.cs.uwaterloo.ca> Message-ID: CenterIM (on gentoo, at least) compiles with the OTR library. I have not figured out exactly how to use it, though. http://www.centerim.org/index.php/Main_Page -- David Rock david@graniteweb.com On Jun 19, 2008, at 9:14 AM, Ian Goldberg wrote: > I'm making a web page of OTR-aware software: > > http://www.cypherpunks.ca/otr/software.php > > If you know of any that isn't on that list, please reply to this > message > and tell me about it. (Please include a URL.) > > Thanks! > > - Ian > _______________________________________________ > OTR-users mailing list > OTR-users@lists.cypherpunks.ca > http://lists.cypherpunks.ca/mailman/listinfo/otr-users From michael_reichenbach@freenet.de Thu Jun 19 17:13:45 2008 From: michael_reichenbach@freenet.de (Michael Reichenbach) Date: Thu, 19 Jun 2008 18:13:45 +0200 Subject: [OTR-users] List of OTR-aware software In-Reply-To: <20080619141459.GI26418@thunk.cs.uwaterloo.ca> References: <20080619141459.GI26418@thunk.cs.uwaterloo.ca> Message-ID: <485A85B9.2080100@freenet.de> Ian Goldberg schrieb: > I'm making a web page of OTR-aware software: > > http://www.cypherpunks.ca/otr/software.php > > If you know of any that isn't on that list, please reply to this message > and tell me about it. (Please include a URL.) > > Thanks! > > - Ian I think it would be good to mention that the Pidgin OTR plugin is the offical one from the original project. This is important. It's also the only one I would recommend. Only this plugin is made by developers who may be verified to have a clue about programming and cryptography. I have seen other encryption plugins for other messengers which had serious security bugs. See http://forums.miranda-im.org/showthread.php?t=4768&page=25 a bug where you could trick the encryption easily just by using another client and no more security updates. This plugin is still listed in lists with encryption plugins in the wiki and people use it... Therefore it's important to use plugins from serious programmers or at least if there was serious reviews. -mr From ian@cypherpunks.ca Thu Jun 19 19:08:59 2008 From: ian@cypherpunks.ca (Ian Goldberg) Date: Thu, 19 Jun 2008 14:08:59 -0400 Subject: [OTR-users] List of OTR-aware software In-Reply-To: References: <20080619141459.GI26418@thunk.cs.uwaterloo.ca> Message-ID: <20080619180859.GU26418@thunk.cs.uwaterloo.ca> On Thu, Jun 19, 2008 at 10:29:25AM -0500, David Rock wrote: > CenterIM (on gentoo, at least) compiles with the OTR library. I have > not figured out exactly how to use it, though. > http://www.centerim.org/index.php/Main_Page http://www.mail-archive.com/centerim-devel@centerim.org/msg00200.html suggests you use F7 to start an OTR session, but it only works with Jabber. - Ian From ian@cypherpunks.ca Thu Jun 19 19:14:57 2008 From: ian@cypherpunks.ca (Ian Goldberg) Date: Thu, 19 Jun 2008 14:14:57 -0400 Subject: [OTR-users] List of OTR-aware software In-Reply-To: <485A85B9.2080100@freenet.de> References: <20080619141459.GI26418@thunk.cs.uwaterloo.ca> <485A85B9.2080100@freenet.de> Message-ID: <20080619181457.GV26418@thunk.cs.uwaterloo.ca> On Thu, Jun 19, 2008 at 06:13:45PM +0200, Michael Reichenbach wrote: > Ian Goldberg schrieb: > >I'm making a web page of OTR-aware software: > > > >http://www.cypherpunks.ca/otr/software.php > > > >If you know of any that isn't on that list, please reply to this message > >and tell me about it. (Please include a URL.) > > > >Thanks! > > > > - Ian > > I think it would be good to mention that the Pidgin OTR plugin is the > offical one from the original project. This is important. It's also the > only one I would recommend. Fair enough. I've added such a note. - Ian From michael_reichenbach@freenet.de Thu Jun 19 19:59:44 2008 From: michael_reichenbach@freenet.de (Michael Reichenbach) Date: Thu, 19 Jun 2008 20:59:44 +0200 Subject: [OTR-users] List of OTR-aware software In-Reply-To: <20080619141459.GI26418@thunk.cs.uwaterloo.ca> References: <20080619141459.GI26418@thunk.cs.uwaterloo.ca> Message-ID: <485AACA0.2050508@freenet.de> There are also already nice articles in the wiki. http://en.wikipedia.org/wiki/Off-the-Record_Messaging http://en.wikipedia.org/wiki/Comparison_of_instant_messaging_clients -mr From perrin@apotheon.com Thu Jun 19 22:58:50 2008 From: perrin@apotheon.com (Chad Perrin) Date: Thu, 19 Jun 2008 15:58:50 -0600 Subject: [OTR-users] List of OTR-aware software In-Reply-To: References: <20080619141459.GI26418@thunk.cs.uwaterloo.ca> Message-ID: <20080619215850.GB10473@kokopelli.hydra> --xXmbgvnjoT4axfJE Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Jun 19, 2008 at 10:29:25AM -0500, David Rock wrote: > CenterIM (on gentoo, at least) compiles with the OTR library. I have =20 > not figured out exactly how to use it, though. > http://www.centerim.org/index.php/Main_Page I asked the CenterIM folks about this a few months ago. Unless something has changed in the interim, it seems that the OTR plugin for CenterIM only works with one protocol. I think it was ICQ, but I probably wouldn't bet money on that. If that has changed, please let me know -- I'd rather use CenterIM than Pidgin, except for the fact that OTR support works for all protocols in Pidgin. --=20 Chad Perrin [ content licensed PDL: http://pdl.apotheon.org ] Baltasar Gracian: "A wise man gets more from his enemies than a fool from his friends." --xXmbgvnjoT4axfJE Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (FreeBSD) iEYEARECAAYFAkha1poACgkQ9mn/Pj01uKUqJQCfWdVzv2jLBGpyivtj0Sv8iULW WUsAn0dcR8P+V5/mejMroTHK2momnJJk =aKXu -----END PGP SIGNATURE----- --xXmbgvnjoT4axfJE-- From bdm@fenrir.org.uk Thu Jun 19 23:09:25 2008 From: bdm@fenrir.org.uk (Brian Morrison) Date: Thu, 19 Jun 2008 23:09:25 +0100 Subject: [OTR-users] Re: [OTR-announce] pidgin-otr 3.2.0 released In-Reply-To: References: <20080615211439.GA11298@yoink.cs.uwaterloo.ca> <48564553.1030407@fenrir.org.uk> Message-ID: <20080619230925.278f9650@peterson.fenrir.org.uk> On Mon, 16 Jun 2008 09:48:07 -0400 (EDT) Paul Wouters wrote: > On Mon, 16 Jun 2008, Brian Morrison wrote: > > >> Fedora packages have been build into devel, and should migrate into the > >> releases over the next two days. > > > > Which distros will these be for Paul? F7 is about to go out of support, > > so I was wondering if the updated OTR packages will go into F7 updates? > > F-7 went EOL 3 days ago, but it looks like I'm allowed to still update > packages in it, so I will be pushing this into F-7 as well. Any update on these packages for Fedora Paul? I don't see anything in updates-testing yet.... -- Brian Morrison bdm at fenrir dot org dot uk "Arguing with an engineer is like wrestling with a pig in the mud; after a while you realize you are muddy and the pig is enjoying it." GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html From a.sporto+bee@gmail.com Fri Jun 20 00:48:26 2008 From: a.sporto+bee@gmail.com (Uli M) Date: Thu, 19 Jun 2008 23:48:26 +0000 (UTC) Subject: [OTR-users] Re: irssi-otr 0.1 released In-Reply-To: References: Message-ID: <20080619234833.GE8251@nets.rwth-aachen.de> On Thu 19.06.08 10:40, Paul Wouters wrote: > On Wed, 18 Jun 2008, Uli M wrote: > >> irssi-otr[1] is a module for the irssi IRC client. It is most useful >> in combination with the IM-to-IRC-gateway bitlbee[2] but can also be >> used with standard IRC servers. You can download a snapshot or check >> out the git repo. Packages for various distros will be available soon. > > Cool. I'll create an rpm for inclusion into fedora (as I'm already the > maintainer for all other otr related packages :) That's great thanks! You'll probably need a tarball for that which includes the three private irssi headers that cmake usually downloads. I'll put one up. > I tried it, but seem to run into some issues: So you're running irssi-otr against pidgin/IRC? I've never tried that combination although it should work. I have no idea what the problem is (there shouldn't be one) but I'll test it myself and see. Don't know why those refreshs occur, maybe that's where the problem lies... Uli > > (10:33:41 AM) letootr: test > (10:34:46 AM) LetoTo: test > (10:35:43 AM) LetoTo: test > (10:35:53 AM) Attempting to start a private conversation with letootr... > (10:36:30 AM) letootr has not been authenticated yet. You should authenticate this buddy. > [Image] (10:36:30 AM) Unverified conversation with letootr started. > (10:36:37 AM) Successfully refreshed the unverified conversation with letootr. > (10:37:22 AM) LetoTo: test > (10:37:22 AM) OTR Error: You sent encrypted data to letootr@irc.freenode.net, who wasn't expecting it. > (10:37:22 AM) LetoTo: test > (10:37:31 AM) OTR Error: You sent encrypted data to letootr@irc.freenode.net, who wasn't expecting it. > (10:37:40 AM) Successfully refreshed the unverified conversation with letootr. > (10:37:40 AM) The last message to letootr was resent. > (10:37:51 AM) The following message received from letootr was not encrypted: [test] > (10:37:58 AM) OTR Error: You sent encrypted data to letootr@irc.freenode.net, who wasn't expecting it. > > I tried refreshing on gaim, and then i seem to get into a slow loop: > > (10:39:47 AM) The last message to letootr was resent. > (10:39:52 AM) The following message received from letootr was not encrypted: [test] > (10:39:54 AM) OTR Error: You sent encrypted data to letootr@irc.freenode.net, who wasn't expecting it. > (10:40:02 AM) Attempting to refresh the private conversation with letootr... > (10:40:11 AM) Successfully refreshed the unverified conversation with letootr. > (10:40:11 AM) The last message to letootr was resent. > (10:40:25 AM) OTR Error: You sent encrypted data to letootr@irc.freenode.net, who wasn't expecting it. > (10:40:35 AM) Successfully refreshed the unverified conversation with letootr. > (10:40:35 AM) The last message to letootr was resent. > > Paul From paul@cypherpunks.ca Fri Jun 20 04:28:28 2008 From: paul@cypherpunks.ca (Paul Wouters) Date: Thu, 19 Jun 2008 23:28:28 -0400 (EDT) Subject: [OTR-users] Re: [OTR-announce] pidgin-otr 3.2.0 released In-Reply-To: <20080619230925.278f9650@peterson.fenrir.org.uk> References: <20080615211439.GA11298@yoink.cs.uwaterloo.ca> <48564553.1030407@fenrir.org.uk> <20080619230925.278f9650@peterson.fenrir.org.uk> Message-ID: On Thu, 19 Jun 2008, Brian Morrison wrote: > > F-7 went EOL 3 days ago, but it looks like I'm allowed to still update > > packages in it, so I will be pushing this into F-7 as well. > > Any update on these packages for Fedora Paul? > > I don't see anything in updates-testing yet.... I just requested a push to stable: https://admin.fedoraproject.org/updates/F7/pending/libotr-3.2.0-1.fc7 But I think pidgin-otr might not have made the cut (It was pending the new libotr becoming available in the build system). I am not getting: koji: error: Unknown build target: dist-fc7-updates-candidate Paul From paul@xelerance.com Fri Jun 20 04:29:43 2008 From: paul@xelerance.com (Paul Wouters) Date: Thu, 19 Jun 2008 23:29:43 -0400 (EDT) Subject: [OTR-users] Re: irssi-otr 0.1 released In-Reply-To: <20080619234833.GE8251@nets.rwth-aachen.de> References: <20080619234833.GE8251@nets.rwth-aachen.de> Message-ID: On Thu, 19 Jun 2008, Uli M wrote: > >> irssi-otr[1] is a module for the irssi IRC client. It is most useful > >> in combination with the IM-to-IRC-gateway bitlbee[2] but can also be > >> used with standard IRC servers. You can download a snapshot or check > >> out the git repo. Packages for various distros will be available soon. > > > > Cool. I'll create an rpm for inclusion into fedora (as I'm already the > > maintainer for all other otr related packages :) > > That's great thanks! You'll probably need a tarball for that which > includes the three private irssi headers that cmake usually downloads. > I'll put one up. Yes. I noticed that when I build it. It would make my life a lot easier if you can provide those, instead of me needing to write patches or sources for it. > So you're running irssi-otr against pidgin/IRC? I've never tried that > combination although it should work. I have no idea what the problem is > (there shouldn't be one) but I'll test it myself and see. Don't know why > those refreshs occur, maybe that's where the problem lies... Yes, that's what I tried. Paul From brian.mathis@gmail.com Fri Jun 20 14:42:19 2008 From: brian.mathis@gmail.com (Brian Mathis) Date: Fri, 20 Jun 2008 09:42:19 -0400 Subject: [OTR-users] pidgin-otr 3.2.0 released In-Reply-To: <20080615211439.GA11298@yoink.cs.uwaterloo.ca> References: <20080615211439.GA11298@yoink.cs.uwaterloo.ca> Message-ID: <183c528b0806200642k6cd1952aqef4bf5f07b5bb925@mail.gmail.com> On Sun, Jun 15, 2008 at 5:14 PM, Ian Goldberg wrote: > We are pleased to announce the release of pidgin-otr 3.2.0 (along with > libotr 3.2.0). > > New in 3.2.0: > > - The functionality of the OTR button has now moved to a menu. There's > an "OTR" menu, as well as an icon showing the current OTR state of > each active conversation in the window. The button can optionally > be shown in addition, now in the conversation toolbar. > - New OTR icons from > - OTR icons show up inline in the conversation window when the OTR > status changes. > - Buddy authentication has been revamped, based on the user study > published in SOUPS 2008. The default is now to choose a question and > an answer only you and the buddy should know. The question is > displayed to the buddy, who is prompted for the answer. The "shared > secret" and "fingerprint" authentication methods are still available. > - Translations for Arabic, German, Russian, Hungarian > > As usual, the software can be downloaded from http://otr.cypherpunks.ca/ > > - Ian It would be great if the Windows binaries were also available as a zip file. From ian@cypherpunks.ca Fri Jun 20 15:04:22 2008 From: ian@cypherpunks.ca (Ian Goldberg) Date: Fri, 20 Jun 2008 10:04:22 -0400 Subject: [OTR-users] pidgin-otr 3.2.0 released In-Reply-To: <183c528b0806200642k6cd1952aqef4bf5f07b5bb925@mail.gmail.com> References: <20080615211439.GA11298@yoink.cs.uwaterloo.ca> <183c528b0806200642k6cd1952aqef4bf5f07b5bb925@mail.gmail.com> Message-ID: <20080620140422.GF18999@thunk.cs.uwaterloo.ca> On Fri, Jun 20, 2008 at 09:42:19AM -0400, Brian Mathis wrote: > On Sun, Jun 15, 2008 at 5:14 PM, Ian Goldberg wrote: > > We are pleased to announce the release of pidgin-otr 3.2.0 (along with > > libotr 3.2.0). > > > > New in 3.2.0: > > > > - The functionality of the OTR button has now moved to a menu. There's > > an "OTR" menu, as well as an icon showing the current OTR state of > > each active conversation in the window. The button can optionally > > be shown in addition, now in the conversation toolbar. > > - New OTR icons from > > - OTR icons show up inline in the conversation window when the OTR > > status changes. > > - Buddy authentication has been revamped, based on the user study > > published in SOUPS 2008. The default is now to choose a question and > > an answer only you and the buddy should know. The question is > > displayed to the buddy, who is prompted for the answer. The "shared > > secret" and "fingerprint" authentication methods are still available. > > - Translations for Arabic, German, Russian, Hungarian > > > > As usual, the software can be downloaded from http://otr.cypherpunks.ca/ > > > > - Ian > > It would be great if the Windows binaries were also available as a zip file. You mean just a zip of all the files the installer installs, and you get to put them where they belong yourself? The zip file I build (as input to the nsi installer compiler) looks like this: Length Date Time Name -------- ---- ---- ---- 14605 06-17-08 17:28 README.txt 13064 06-17-08 17:28 README.Toolkit.txt 75464 06-17-08 17:28 Protocol-v2.html 18349 06-17-08 17:28 COPYING.txt 26934 06-17-08 17:28 COPYING.LIB.txt 290816 06-17-08 17:28 otr_mackey.exe 310272 06-17-08 17:28 otr_modify.exe 311296 06-17-08 17:28 otr_parse.exe 322560 06-17-08 17:28 otr_readforge.exe 291328 06-17-08 17:28 otr_remac.exe 291328 06-17-08 17:28 otr_sesskeys.exe 423936 06-17-08 17:28 pidgin-otr.dll 9125 06-15-08 15:16 pidgin-otr.nsi 0 06-17-08 17:28 locale/ 0 06-17-08 17:28 locale/ar/ 0 06-17-08 17:28 locale/ar/LC_MESSAGES/ 11608 06-17-08 17:28 locale/ar/LC_MESSAGES/pidgin-otr.mo 0 06-17-08 17:28 locale/de/ 0 06-17-08 17:28 locale/de/LC_MESSAGES/ 12170 06-17-08 17:28 locale/de/LC_MESSAGES/pidgin-otr.mo 0 06-17-08 17:28 locale/es/ 0 06-17-08 17:28 locale/es/LC_MESSAGES/ 10789 06-17-08 17:28 locale/es/LC_MESSAGES/pidgin-otr.mo 0 06-17-08 17:28 locale/fr/ 0 06-17-08 17:28 locale/fr/LC_MESSAGES/ 10732 06-17-08 17:28 locale/fr/LC_MESSAGES/pidgin-otr.mo 0 06-17-08 17:28 locale/hu/ 0 06-17-08 17:28 locale/hu/LC_MESSAGES/ 12901 06-17-08 17:28 locale/hu/LC_MESSAGES/pidgin-otr.mo 0 06-17-08 17:28 locale/nl/ 0 06-17-08 17:28 locale/nl/LC_MESSAGES/ 10774 06-17-08 17:28 locale/nl/LC_MESSAGES/pidgin-otr.mo 0 06-17-08 17:28 locale/ru/ 0 06-17-08 17:28 locale/ru/LC_MESSAGES/ 13104 06-17-08 17:28 locale/ru/LC_MESSAGES/pidgin-otr.mo 0 06-17-08 17:28 locale/sk/ 0 06-17-08 17:28 locale/sk/LC_MESSAGES/ 13404 06-17-08 17:28 locale/sk/LC_MESSAGES/pidgin-otr.mo Is that file what you're looking for? I can easily put that online: http://otr.cypherpunks.ca/binaries/windows/pidgin-otr-3.2.0.zip There's no .asc right now; my signing key is at home. - Ian From bdm@fenrir.org.uk Fri Jun 20 20:46:50 2008 From: bdm@fenrir.org.uk (Brian Morrison) Date: Fri, 20 Jun 2008 20:46:50 +0100 Subject: [OTR-users] Pidgin crash, appears to be in OTR plugin Message-ID: <20080620204650.63c01485@peterson.fenrir.org.uk> I'm seeing a stubborn crash in Pidgin on Win32, using OTR, with a buddy that is present in MSN and AIM, any attempt to start an IM with or without OTR enabled results in a crash, please see: http://developer.pidgin.im/ticket/6139 Is this an OTR bug? If so a fix would be appreciated. FWIW I could IM this buddy before I got MSN to work through my company firewall, using AIM only. Disabling MSN now does not fix the problem. -- Brian Morrison bdm at fenrir dot org dot uk "Arguing with an engineer is like wrestling with a pig in the mud; after a while you realize you are muddy and the pig is enjoying it." GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html From bdm@fenrir.org.uk Fri Jun 20 20:56:42 2008 From: bdm@fenrir.org.uk (Brian Morrison) Date: Fri, 20 Jun 2008 20:56:42 +0100 Subject: [OTR-users] Pidgin crash, appears to be in OTR plugin In-Reply-To: <20080620204650.63c01485@peterson.fenrir.org.uk> References: <20080620204650.63c01485@peterson.fenrir.org.uk> Message-ID: <20080620205642.72bd48e3@peterson.fenrir.org.uk> On Fri, 20 Jun 2008 20:46:50 +0100 Brian Morrison wrote: > I'm seeing a stubborn crash in Pidgin on Win32, using OTR, with a buddy > that is present in MSN and AIM, any attempt to start an IM with or > without OTR enabled results in a crash, please see: > > http://developer.pidgin.im/ticket/6139 > > Is this an OTR bug? If so a fix would be appreciated. > > FWIW I could IM this buddy before I got MSN to work through my company > firewall, using AIM only. Disabling MSN now does not fix the problem. > Whoa, false alarm, it seems that the dll with the problem is encrypt.dll which is not OTR, it's from Pidgin Encryption. My mistake! -- Brian Morrison bdm at fenrir dot org dot uk "Arguing with an engineer is like wrestling with a pig in the mud; after a while you realize you are muddy and the pig is enjoying it." GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html From konrad@tylerc.org Fri Jun 20 23:39:28 2008 From: konrad@tylerc.org (Konrad Meyer) Date: Fri, 20 Jun 2008 15:39:28 -0700 Subject: [OTR-users] Re: [OTR-announce] pidgin-otr 3.2.0 released In-Reply-To: References: <20080615211439.GA11298@yoink.cs.uwaterloo.ca> <20080619230925.278f9650@peterson.fenrir.org.uk> Message-ID: <200806201539.28397.konrad@tylerc.org> --nextPart2365763.uR0aF4QGgY Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Quoth Paul Wouters: > On Thu, 19 Jun 2008, Brian Morrison wrote: >=20 > > > F-7 went EOL 3 days ago, but it looks like I'm allowed to still update > > > packages in it, so I will be pushing this into F-7 as well. > >=20 > > Any update on these packages for Fedora Paul? > >=20 > > I don't see anything in updates-testing yet.... >=20 > I just requested a push to stable: > https://admin.fedoraproject.org/updates/F7/pending/libotr-3.2.0-1.fc7 >=20 > But I think pidgin-otr might not have made the cut (It was pending the > new libotr becoming available in the build system). I am not getting: >=20 > koji: error: Unknown build target: dist-fc7-updates-candidate >=20 > Paul F7 has been EOL for several days now. F7 updates don't exist any more. --=20 Conrad Meyer --nextPart2365763.uR0aF4QGgY Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEABECAAYFAkhcMaAACgkQCHB0oCiR2cxBjQCgl/km4JhgEKTc3wPb0ybMIe5A a9kAnRk6g+kVqQvFMrxI6wMjMM1GJVYh =tOzn -----END PGP SIGNATURE----- --nextPart2365763.uR0aF4QGgY-- From paul@cypherpunks.ca Sat Jun 21 00:35:41 2008 From: paul@cypherpunks.ca (Paul Wouters) Date: Fri, 20 Jun 2008 19:35:41 -0400 (EDT) Subject: [OTR-users] Re: [OTR-announce] pidgin-otr 3.2.0 released In-Reply-To: <200806201539.28397.konrad@tylerc.org> References: <20080615211439.GA11298@yoink.cs.uwaterloo.ca> <20080619230925.278f9650@peterson.fenrir.org.uk> <200806201539.28397.konrad@tylerc.org> Message-ID: On Fri, 20 Jun 2008, Konrad Meyer wrote: >> koji: error: Unknown build target: dist-fc7-updates-candidate > > F7 has been EOL for several days now. F7 updates don't exist any more. I know. But my updates were within the build/update system. But pidgin-otr was depending on libotr, so it was trailing a day and got cut off.... Paul From ian@cypherpunks.ca Sat Jun 21 01:36:18 2008 From: ian@cypherpunks.ca (Ian Goldberg) Date: Fri, 20 Jun 2008 20:36:18 -0400 Subject: [OTR-users] pidgin-otr 3.2.0 released In-Reply-To: <20080620140422.GF18999@thunk.cs.uwaterloo.ca> References: <20080615211439.GA11298@yoink.cs.uwaterloo.ca> <183c528b0806200642k6cd1952aqef4bf5f07b5bb925@mail.gmail.com> <20080620140422.GF18999@thunk.cs.uwaterloo.ca> Message-ID: <20080621003618.GM6417@yoink.cs.uwaterloo.ca> On Fri, Jun 20, 2008 at 10:04:22AM -0400, Ian Goldberg wrote: > Is that file what you're looking for? I can easily put that online: > > http://otr.cypherpunks.ca/binaries/windows/pidgin-otr-3.2.0.zip > > There's no .asc right now; my signing key is at home. The .asc is also up now: http://otr.cypherpunks.ca/binaries/windows/pidgin-otr-3.2.0.zip.asc - Ian From db.netres@gmail.com Wed Jun 25 15:51:29 2008 From: db.netres@gmail.com (db) Date: Wed, 25 Jun 2008 16:51:29 +0200 Subject: [OTR-users] List of OTR-aware software In-Reply-To: <485AACA0.2050508@freenet.de> References: <20080619141459.GI26418@thunk.cs.uwaterloo.ca> <485AACA0.2050508@freenet.de> Message-ID: On Thu, Jun 19, 2008 at 8:59 PM, Michael Reichenbach wrote: > There are also already nice articles in the wiki. > http://en.wikipedia.org/wiki/Off-the-Record_Messaging > http://en.wikipedia.org/wiki/Comparison_of_instant_messaging_clients In this article you can read > The primary motivation behind the protocol was providing deniability for the conversation participants while keeping conversations confidential, like a private conversation in real life, or off the record in journalism sourcing. This is in contrast with the majority of cryptography tools which resemble more a signed writing on paper, which can be used, at a later date, as a tool to demonstrate that the communication happened, who participated in it, and about what it was. Unfortunately, in most cases people using ordinary cryptography software are not aware of this and in most cases they would be better served by OTR tools instead. Hence the initial introductory paper was named "Off-the-Record Communication, or, Why Not To Use PGP".[1] I really don't understand the purpose with OTR in any regular context. Why do you want to be able to deny what you have written/said to friends/colleges? Besides, OTR can not live up to this promise in a more European legal system where courts typically can consider any type of evidence/they are free to sift evidence at their will (e.g., if you have backup copies of logs that are several years old, and these backups pre-dates a court case with a good margin, and these copies are identical to the logs in you IM client most court would consider these logs strong evidence). The only reasonable use for OTR is in contexts such as in Tibet. A typical user in a democratic society are probably much more interested in the type of confidentiality you are used to when you do online banking - that is, prevention of eaves dropping. In my case OTR even caused a lot of headache since most of my chat logs are trivial and I like to store them in my gmail account. Now I just have a lot of encrypted logs I never will be able to decode = phone numbers to friend's friends, e-mail addresses etc are lost forever. I am interested in deniability for the content on my Freenet node since my Freenet datastorage might contain information that I don't want to take responsibility for, possibly because the information is illegal. However this is due to the fact that I can't control what is on my Freenet node and control is the keyword: the content in my chat logs is controllable by me and hence the need for deniability disappears. From bdm@fenrir.org.uk Wed Jun 25 16:14:40 2008 From: bdm@fenrir.org.uk (Brian Morrison) Date: Wed, 25 Jun 2008 16:14:40 +0100 Subject: [OTR-users] List of OTR-aware software In-Reply-To: References: <20080619141459.GI26418@thunk.cs.uwaterloo.ca> <485AACA0.2050508@freenet.de> Message-ID: <486260E0.2000609@fenrir.org.uk> db wrote: > On Thu, Jun 19, 2008 at 8:59 PM, Michael Reichenbach > wrote: >> There are also already nice articles in the wiki. >> http://en.wikipedia.org/wiki/Off-the-Record_Messaging >> http://en.wikipedia.org/wiki/Comparison_of_instant_messaging_clients > > In this article you can read > >> The primary motivation behind the protocol was providing deniability for the conversation participants while keeping conversations confidential, like a private conversation in real life, or off the record in journalism sourcing. This is in contrast with the majority of cryptography tools which resemble more a signed writing on paper, which can be used, at a later date, as a tool to demonstrate that the communication happened, who participated in it, and about what it was. Unfortunately, in most cases people using ordinary cryptography software are not aware of this and in most cases they would be better served by OTR tools instead. Hence the initial introductory paper was named "Off-the-Record Communication, or, Why Not To Use PGP".[1] > > I really don't understand the purpose with OTR in any regular context. > Why do you want to be able to deny what you have written/said to > friends/colleges? Besides, OTR can not live up to this promise in a > more European legal system where courts typically can consider any > type of evidence/they are free to sift evidence at their will (e.g., > if you have backup copies of logs that are several years old, and > these backups pre-dates a court case with a good margin, and these > copies are identical to the logs in you IM client most court would > consider these logs strong evidence). If you are using OTR, you should not be keeping any logs. The point is plausible deniability. If the keys are ephemeral, then the content of your conversations is protected from compromise because *any* plaintext can result from ciphertext protected with an unknown and unknowable key. It makes no difference whether the authorities have your intercepted ciphertext, it could say anything and all they can assume from it is some kind of association with another person, they cannot prove anything and you cannot be forced to compromise or incriminate yourself because you do not have the session key(s) at the time or later. > > The only reasonable use for OTR is in contexts such as in Tibet. A > typical user in a democratic society are probably much more interested > in the type of confidentiality you are used to when you do online > banking - that is, prevention of eaves dropping. Everyone should take all possible steps to protect their private conversations, privacy is the root of a civilized society, no one else has any rights to know what I am talking about with anyone else. That especially includes governments and their agents, just because they can monitor electronic communication does not mean that it should be any easier for them than recording and transcribing ever voice conversation taking place in the entire country. > > In my case OTR even caused a lot of headache since most of my chat > logs are trivial and I like to store them in my gmail account. Now I > just have a lot of encrypted logs I never will be able to decode = > phone numbers to friend's friends, e-mail addresses etc are lost > forever. Then don't store these important pieces of information in these logs that you should not be keeping anyway, extract it and save it separately. But remember that it might be incriminating in itself. I'm very puzzled as to why you're using OTR, it appears to not do what you want at all. -- Brian From db.netres@gmail.com Wed Jun 25 16:34:48 2008 From: db.netres@gmail.com (db) Date: Wed, 25 Jun 2008 17:34:48 +0200 Subject: [OTR-users] List of OTR-aware software In-Reply-To: <486260E0.2000609@fenrir.org.uk> References: <20080619141459.GI26418@thunk.cs.uwaterloo.ca> <485AACA0.2050508@freenet.de> <486260E0.2000609@fenrir.org.uk> Message-ID: On Wed, Jun 25, 2008 at 5:14 PM, Brian Morrison wrote: > If you are using OTR, you should not be keeping any logs. But that does not prevent the other party from keeping clear text logs. > The point is > plausible deniability. Which you OTR does not provide if the other party keep logs. > Everyone should take all possible steps to protect their private > conversations, privacy is the root of a civilized society, no one else > has any rights to know what I am talking about with anyone else. That > especially includes governments and their agents, just because they can > monitor electronic communication does not mean that it should be any > easier for them than recording and transcribing ever voice conversation > taking place in the entire country. Yes, and that is what e.g., SSL offers. After using SSL (or PGP or similar) to secure the communication it is up to you to keep/delete the logs. SSL+no logs provides basically the same level of deniability as OTR, that is - the level of deniability depends on the other party keeping clear text logs or not. >> >> In my case OTR even caused a lot of headache since most of my chat >> logs are trivial and I like to store them in my gmail account. Now I >> just have a lot of encrypted logs I never will be able to decode = >> phone numbers to friend's friends, e-mail addresses etc are lost >> forever. > > Then don't store these important pieces of information in these logs > that you should not be keeping anyway, extract it and save it > separately. But remember that it might be incriminating in itself. I find it really funny that you recommend me to not keeps logs. I guess you immediately delete all e-mailsyou receive, burn all paper invoices (although the actual payment probably is traceable anyway), delete all browser cookies regularly etc. I on the other hand like to keep documentation (agreements, phone bills, personal letters) of some events for future reference. > I'm very puzzled as to why you're using OTR, it appears to not do what > you want at all. I don't use it any more, but I have subscribed to this mailing list for some time to find out a reason to start use it but the more I read, the more useless I consider it. I will probably start blocking people trying to use OTR with me in the near future since I see no reason for friends or people I work with to desire "deniability" about what they have written to me. If my manager would ask me to do something and then be able to deny that he sent me such a message - I can only see disadvantages with that situation. From lou@louspringer.com Wed Jun 25 16:50:16 2008 From: lou@louspringer.com (Lou Springer) Date: Wed, 25 Jun 2008 09:50:16 -0600 Subject: [OTR-users] List of OTR-aware software In-Reply-To: <486260E0.2000609@fenrir.org.uk> References: <20080619141459.GI26418@thunk.cs.uwaterloo.ca> <485AACA0.2050508@freenet.de> <486260E0.2000609@fenrir.org.uk> Message-ID: <5D130AC2-3267-4313-BE5A-5CB679964D0E@louspringer.com> Brian, Speaking for myself, the message content encryption is sufficient for my *current* needs. I also occasionally need the logs for the message content as db has outlined. My diminishing 52 year old memory requires the augmentation. The core requirement for OTR as you have outlined it is interesting, and I was unaware of this important distinction between OTR and conventional encryption like SSL. I personally have no *current* need for it. However, I would *strongly* stipulate it is an important and necessary capability, and would never suggest otherwise. I should say I'm not a big fan of anonymity in normal civil discourse, in person or on the web, particularly as a default mode of operation. However, there are unfortunately times and circumstances for it. The inherent tendency of all things on the web to be recorded in much greater mind-numbing totality does distinguish web communication from normal public discourse. Its rare that public conversations and phone calls are recorded unbeknownst to the participants. The same can't be said for email, chat and browsing behavior, which I always assume are meticulously recorded in every detail for all time, good bad or otherwise. Lou On Jun 25, 2008, at 9:14 AM, Brian Morrison wrote: > db wrote: >> On Thu, Jun 19, 2008 at 8:59 PM, Michael Reichenbach >> wrote: >>> There are also already nice articles in the wiki. >>> http://en.wikipedia.org/wiki/Off-the-Record_Messaging >>> http://en.wikipedia.org/wiki/Comparison_of_instant_messaging_clients >> >> In this article you can read >> >>> The primary motivation behind the protocol was providing >>> deniability for the conversation participants while keeping >>> conversations confidential, like a private conversation in real >>> life, or off the record in journalism sourcing. This is in >>> contrast with the majority of cryptography tools which resemble >>> more a signed writing on paper, which can be used, at a later >>> date, as a tool to demonstrate that the communication happened, >>> who participated in it, and about what it was. Unfortunately, in >>> most cases people using ordinary cryptography software are not >>> aware of this and in most cases they would be better served by OTR >>> tools instead. Hence the initial introductory paper was named "Off- >>> the-Record Communication, or, Why Not To Use PGP".[1] >> >> I really don't understand the purpose with OTR in any regular >> context. >> Why do you want to be able to deny what you have written/said to >> friends/colleges? Besides, OTR can not live up to this promise in a >> more European legal system where courts typically can consider any >> type of evidence/they are free to sift evidence at their will (e.g., >> if you have backup copies of logs that are several years old, and >> these backups pre-dates a court case with a good margin, and these >> copies are identical to the logs in you IM client most court would >> consider these logs strong evidence). > > If you are using OTR, you should not be keeping any logs. The point is > plausible deniability. If the keys are ephemeral, then the content of > your conversations is protected from compromise because *any* > plaintext > can result from ciphertext protected with an unknown and unknowable > key. > It makes no difference whether the authorities have your intercepted > ciphertext, it could say anything and all they can assume from it is > some kind of association with another person, they cannot prove > anything > and you cannot be forced to compromise or incriminate yourself because > you do not have the session key(s) at the time or later. > >> >> The only reasonable use for OTR is in contexts such as in Tibet. A >> typical user in a democratic society are probably much more >> interested >> in the type of confidentiality you are used to when you do online >> banking - that is, prevention of eaves dropping. > > Everyone should take all possible steps to protect their private > conversations, privacy is the root of a civilized society, no one else > has any rights to know what I am talking about with anyone else. That > especially includes governments and their agents, just because they > can > monitor electronic communication does not mean that it should be any > easier for them than recording and transcribing ever voice > conversation > taking place in the entire country. > >> >> In my case OTR even caused a lot of headache since most of my chat >> logs are trivial and I like to store them in my gmail account. Now I >> just have a lot of encrypted logs I never will be able to decode = >> phone numbers to friend's friends, e-mail addresses etc are lost >> forever. > > Then don't store these important pieces of information in these logs > that you should not be keeping anyway, extract it and save it > separately. But remember that it might be incriminating in itself. > > I'm very puzzled as to why you're using OTR, it appears to not do what > you want at all. > > -- > > Brian > _______________________________________________ > OTR-users mailing list > OTR-users@lists.cypherpunks.ca > http://lists.cypherpunks.ca/mailman/listinfo/otr-users From bdm@fenrir.org.uk Wed Jun 25 17:18:11 2008 From: bdm@fenrir.org.uk (Brian Morrison) Date: Wed, 25 Jun 2008 17:18:11 +0100 Subject: [OTR-users] List of OTR-aware software In-Reply-To: References: <20080619141459.GI26418@thunk.cs.uwaterloo.ca> <485AACA0.2050508@freenet.de> <486260E0.2000609@fenrir.org.uk> Message-ID: <48626FC3.8060007@fenrir.org.uk> db wrote: > On Wed, Jun 25, 2008 at 5:14 PM, Brian Morrison wrote: > >> If you are using OTR, you should not be keeping any logs. > > But that does not prevent the other party from keeping clear text logs. Then you need to be more careful about the people with whom you have OTR chats! > >> The point is >> plausible deniability. > > Which you OTR does not provide if the other party keep logs. See above.... > > >> Everyone should take all possible steps to protect their private >> conversations, privacy is the root of a civilized society, no one else >> has any rights to know what I am talking about with anyone else. That >> especially includes governments and their agents, just because they can >> monitor electronic communication does not mean that it should be any >> easier for them than recording and transcribing ever voice conversation >> taking place in the entire country. > > Yes, and that is what e.g., SSL offers. After using SSL (or PGP or > similar) to secure the communication it is up to you to keep/delete > the logs. SSL+no logs provides basically the same level of deniability > as OTR, that is - the level of deniability depends on the other party > keeping clear text logs or not. OTR provides authentication between people that know each other in a way that SSL does not and perhaps cannot. You never know whether your CA providers have been subverted (after all they are corporations and so have to do what governments and LEAs tell them to) and that a MITM attack is being run. Always think about ensuring further encryption above and beyond SSL when you can. VPNs are good as they can hide all the headers and other information inside the tunnel. Try to find exit points in jurisdictions where the state has included strong legal protections against arbitrary interception without warrant. > >>> In my case OTR even caused a lot of headache since most of my chat >>> logs are trivial and I like to store them in my gmail account. Now I >>> just have a lot of encrypted logs I never will be able to decode = >>> phone numbers to friend's friends, e-mail addresses etc are lost >>> forever. >> Then don't store these important pieces of information in these logs >> that you should not be keeping anyway, extract it and save it >> separately. But remember that it might be incriminating in itself. > > I find it really funny that you recommend me to not keeps logs. I > guess you immediately delete all e-mailsyou receive, burn all paper > invoices (although the actual payment probably is traceable anyway), > delete all browser cookies regularly etc. I on the other hand like to > keep documentation (agreements, phone bills, personal letters) of some > events for future reference. I do pretty much what you suggest, where sensible and practical. I don't keep extraneous crap (my house isn't big enough), and I try to ensure that anything remotely contentious is in my head and leaves as few traces as possible on my PCs. > >> I'm very puzzled as to why you're using OTR, it appears to not do what >> you want at all. > > I don't use it any more, but I have subscribed to this mailing list > for some time to find out a reason to start use it but the more I > read, the more useless I consider it. I will probably start blocking > people trying to use OTR with me in the near future since I see no > reason for friends or people I work with to desire "deniability" about > what they have written to me. If my manager would ask me to do > something and then be able to deny that he sent me such a message - I > can only see disadvantages with that situation. I doubt I would use it for what you are suggesting, but if I'm chatting with friends during work hours (at a low rate) then I don't for one minute believe that the company Jabber server logs don't contain all I have written so with some people I talk to I have OTR to keep things private. Am I paranoid? I don't think so, you can see the abuses cooked up by our insane politicians and policemen in the news every day of the week, don't let them delude you into thinking that spying on people in any way enhances our safety in exchange for freedom. It doesn't, your best defence of your freedom is to refuse to be conned and accept that a madman may kill a few people but that is insignificant in comparison with the danger posed by other things we accept without question. If we all encrypted anything, then the incompetents would have to work a lot harder to wreck what so many fought and died for in the past. -- Brian From ian@cypherpunks.ca Thu Jun 26 04:14:06 2008 From: ian@cypherpunks.ca (Ian Goldberg) Date: Wed, 25 Jun 2008 23:14:06 -0400 Subject: [OTR-users] List of OTR-aware software In-Reply-To: References: <20080619141459.GI26418@thunk.cs.uwaterloo.ca> <485AACA0.2050508@freenet.de> Message-ID: <20080626031406.GR6417@yoink.cs.uwaterloo.ca> On Wed, Jun 25, 2008 at 04:51:29PM +0200, db wrote: > Why do you want to be able to deny what you have written/said to > friends/colleges? Besides, OTR can not live up to this promise in a > more European legal system where courts typically can consider any > type of evidence/they are free to sift evidence at their will (e.g., > if you have backup copies of logs that are several years old, and > these backups pre-dates a court case with a good margin, and these > copies are identical to the logs in you IM client most court would > consider these logs strong evidence). This is a common misconception: OTR of course can't provide *more* deniability than plaintext. If an unauthenticated plaintext transcript of your IM conversation is admissible in court, the OTR logs would be as well. What OTR gives you is that you don't get *less* deniability, while at the same time you get strong authentication. That is, you know it really was Bob who sent you that message, but there's no mathematical proof of that fact. Contrast pidgin-encryption, for example, where every message is digitally signed. The advantage of using OTR over, say, Jabber+SSL is that OTR is end-to-end. With Jabber+SSL, the Jabber server has to be trusted not to read and/or modify your messages. - Ian From rick@rickv.com Thu Jun 26 21:40:06 2008 From: rick@rickv.com (Rick Valenzuela) Date: Thu, 26 Jun 2008 16:40:06 -0400 Subject: [OTR-users] List of OTR-aware software In-Reply-To: References: <20080619141459.GI26418@thunk.cs.uwaterloo.ca> <485AACA0.2050508@freenet.de> <486260E0.2000609@fenrir.org.uk> Message-ID: <4863FEA6.3060903@rickv.com> db wrote: > > I find it really funny that you recommend me to not keeps logs. I > guess you immediately delete all e-mailsyou receive, burn all paper > invoices (although the actual payment probably is traceable anyway), > delete all browser cookies regularly etc. I on the other hand like to > keep documentation (agreements, phone bills, personal letters) of some > events for future reference. [...] > I don't use it any more, but I have subscribed to this mailing list > for some time to find out a reason to start use it but the more I > read, the more useless I consider it. I will probably start blocking > people trying to use OTR with me in the near future since I see no > reason for friends or people I work with to desire "deniability" about > what they have written to me. If my manager would ask me to do > something and then be able to deny that he sent me such a message - I > can only see disadvantages with that situation. It might not be useful to you now or at most times, but does that mean there will never be a situation that you want that kind of privacy? Your argument about logs and paper reciepts -- the flip side of that can be just as extreme: keeping receipts for every candy bar or demanding the newsstand guy to write a bill for your newspaper. It brings to mind the phrase "horses for courses": applied here, you choose the mode of communication that is adequate and desirable for the situation at hand. I don't encrypt every email, and while i sign most email with gnupg, i don't sign all emails. I don't say my social security number over a cellphone, but i don't feel the need to whisper it into my bank manager's ear either. The time may come when I want to IM someone at their job about workroom politics. If I trust that person not to log that conversation, OTR would allow me to do that, instead of waiting to talk in person or on the phone later. Convenience when you need it. -- Rick Valenzuela photographer | reporter +1 267 694 3642 | www.rickv.com GnuPG ID: 0xD5644029 From Soccer55113n@wmconnect.com Fri Jun 27 02:54:16 2008 From: Soccer55113n@wmconnect.com (Soccer55113n@wmconnect.com) Date: Thu, 26 Jun 2008 21:54:16 EDT Subject: [OTR-users] (no subject) Message-ID: --part1_c8b.2d78348a.3595a248_boundary Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit i want out of this thing--how do i do it? --part1_c8b.2d78348a.3595a248_boundary Content-Type: text/html; charset="US-ASCII" Content-Transfer-Encoding: quoted-printable i want out of= this thing--how do i do it? --part1_c8b.2d78348a.3595a248_boundary-- From brian.mathis@gmail.com Fri Jun 27 06:20:15 2008 From: brian.mathis@gmail.com (Brian Mathis) Date: Thu, 26 Jun 2008 23:20:15 -0600 Subject: [OTR-users] pidgin-otr 3.2.0 released In-Reply-To: <20080621003618.GM6417@yoink.cs.uwaterloo.ca> References: <20080615211439.GA11298@yoink.cs.uwaterloo.ca> <183c528b0806200642k6cd1952aqef4bf5f07b5bb925@mail.gmail.com> <20080620140422.GF18999@thunk.cs.uwaterloo.ca> <20080621003618.GM6417@yoink.cs.uwaterloo.ca> Message-ID: <183c528b0806262220t40c788a4r5d520cf4db9046b7@mail.gmail.com> On Fri, Jun 20, 2008 at 6:36 PM, Ian Goldberg wrote: > On Fri, Jun 20, 2008 at 10:04:22AM -0400, Ian Goldberg wrote: >> Is that file what you're looking for? I can easily put that online: >> >> http://otr.cypherpunks.ca/binaries/windows/pidgin-otr-3.2.0.zip >> >> There's no .asc right now; my signing key is at home. > > The .asc is also up now: > > http://otr.cypherpunks.ca/binaries/windows/pidgin-otr-3.2.0.zip.asc > > - Ian Very cool. This will help anyone who is trying to add OTR to a portable pidgin installation. From bdm@fenrir.org.uk Fri Jun 27 08:17:23 2008 From: bdm@fenrir.org.uk (Brian Morrison) Date: Fri, 27 Jun 2008 08:17:23 +0100 Subject: [OTR-users] (no subject) In-Reply-To: References: Message-ID: <20080627081723.06805b0d@peterson.fenrir.org.uk> On Thu, 26 Jun 2008 21:54:16 EDT Soccer55113n@wmconnect.com wrote: > i want out of this thing--how do i do it? http://lists.cypherpunks.ca/mailman/listinfo/otr-users -- Brian Morrison bdm at fenrir dot org dot uk "Arguing with an engineer is like wrestling with a pig in the mud; after a while you realize you are muddy and the pig is enjoying it." GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html From tinbull@gmail.com Sat Jun 28 05:49:51 2008 From: tinbull@gmail.com (tinbull@gmail.com) Date: Sat, 28 Jun 2008 00:49:51 -0400 (EDT) Subject: [OTR-users] Encryption strength option In-Reply-To: <20080627081723.06805b0d@peterson.fenrir.org.uk> References: <20080627081723.06805b0d@peterson.fenrir.org.uk> Message-ID: Is there a way to select how strong the RSA encryption is? I was hoping to get 4096-bit keys. From esurnir@gmail.com Sat Jun 28 07:28:06 2008 From: esurnir@gmail.com (Jean-Baptiste Zeller) Date: Sat, 28 Jun 2008 02:28:06 -0400 Subject: [OTR-users] Encryption strength option In-Reply-To: References: <20080627081723.06805b0d@peterson.fenrir.org.uk> Message-ID: <4865D9F6.4040901@gmail.com> This is a cryptographically signed message in MIME format. --------------ms070909090503000406080001 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit tinbull@gmail.com wrote: > Is there a way to select how strong the RSA encryption is? I was > hoping to get 4096-bit keys. > > _______________________________________________ > OTR-users mailing list > OTR-users@lists.cypherpunks.ca > http://lists.cypherpunks.ca/mailman/listinfo/otr-users Error 404: RSA not found in OTR. --------------ms070909090503000406080001 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIRazCC BN0wggPFoAMCAQICEHGS++YZX6xNEoV0cTSiGKcwDQYJKoZIhvcNAQEFBQAwezELMAkGA1UE BhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBwwHU2FsZm9yZDEa MBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMMGEFBQSBDZXJ0aWZpY2F0ZSBT ZXJ2aWNlczAeFw0wNDAxMDEwMDAwMDBaFw0yODEyMzEyMzU5NTlaMIGuMQswCQYDVQQGEwJV UzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYDVQQKExVUaGUg VVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0dHA6Ly93d3cudXNlcnRydXN0LmNvbTE2 MDQGA1UEAxMtVVROLVVTRVJGaXJzdC1DbGllbnQgQXV0aGVudGljYXRpb24gYW5kIEVtYWls MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjmFpPJ9q0E7YkY3rs3BYHW8OWX5 ShpHornMSMxqmNVNNRm5pELlzkniii8efNIxB8dOtINknS4p1aJkxIW9hVE1eaROaJB7HHqk kqgX8pgV8pPMyaQylbsMTzC9mKALi+VuG6JG+ni8om+rWV6lL8/K2m2qL+usobNqqrcuZzWL eeEeaYji5kbNoKXqvgvOdjp6Dpvq/NonWz1zHyLmSGHGTPNpsaguG7bUMSAsvIKKjqQOpdeJ Q/wWWq8dcdcRWdq6hw2v+vPhwvCkxWeM1tZUOt4KpLoDd7NlyP0e03RiqhjKaJMeoYV+9Udl y/hNVyh00jT/MLbu9mIwFIws6wIDAQABo4IBJzCCASMwHwYDVR0jBBgwFoAUoBEKIz6W8Qfs 4q8p74Klf9AwpLQwHQYDVR0OBBYEFImCZ33EnSZwAEu0UEh83j2uBG59MA4GA1UdDwEB/wQE AwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAR BgNVHSAECjAIMAYGBFUdIAAwewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9j YS5jb20vQUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDARBglghkgBhvhCAQEEBAMCAQYw DQYJKoZIhvcNAQEFBQADggEBAJ2Vyzy4fqUJxB6/C8LHdo45PJTGEKpPDMngq4RdiVTgZTvz bRx8NywlVF+WIfw3hJGdFdwUT4HPVB1rbEVgxy35l1FM+WbKPKCCjKbI8OLp1Er57D9Wyd12 jMOCAU9sAPMeGmF0BEcDqcZAV5G8ZSLFJ2dPV9tkWtmNH7qGL/QGrpxp7en0zykX2OBKnxog L5dMUbtGB8SKN04g4wkxaMeexIud6H4RvDJoEJYRmETYKlFgTYjrdDrfQwYyyDlWjDoRUtNB pEMD9O3vMyfbOeAUTibJ2PU54om4k123KSZB6rObroP8d3XK6Mq1/uJlSmM+RMTQw16Hc6mY HK9/FX8wggZBMIIFKaADAgECAhEA/opoicKPwKUL6yD0dVHBNDANBgkqhkiG9w0BAQUFADCB rjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEe MBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8vd3d3LnVz ZXJ0cnVzdC5jb20xNjA0BgNVBAMTLVVUTi1VU0VSRmlyc3QtQ2xpZW50IEF1dGhlbnRpY2F0 aW9uIGFuZCBFbWFpbDAeFw0wODA1MjYwMDAwMDBaFw0wOTA1MjYyMzU5NTlaMIHhMTUwMwYD VQQLEyxDb21vZG8gVHJ1c3QgTmV0d29yayAtIFBFUlNPTkEgTk9UIFZBTElEQVRFRDFGMEQG A1UECxM9VGVybXMgYW5kIENvbmRpdGlvbnMgb2YgdXNlOiBodHRwOi8vd3d3LmNvbW9kby5u ZXQvcmVwb3NpdG9yeTEfMB0GA1UECxMWKGMpMjAwMyBDb21vZG8gTGltaXRlZDEdMBsGA1UE AxMUSmVhbi1CYXB0aXN0ZSBaZWxsZXIxIDAeBgkqhkiG9w0BCQEWEWVzdXJuaXJAZ21haWwu Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5NA26ibBoxU600bLO5CTyNjs XSeGLA7+eC1AJmer2E1dbmh3qSFgZMPFsEhFSzuimqbVIAa/810Bg27Gk5X3pSLzOOjvkA50 /pdM2/hQPD0/0jBAQCsuW/RwainmtvdtOQpeQ65Gxk3EBgsZ952bDhMVk9Uh9TwOc7ZcHjRe FAG89274qZIThoVWrKOkZDzc+d0vFA5qiu2bfcjyXugs4bruMKBHg2/AZRqk0oqkkYeBcDXz yLWywBb6zb4so4r+N1NJc2Hz3jZh1kAL/MyVvAXe97EKXCkuaY/qLHmqbWPL1AqtrbvThi6r NrfAwYUKVA0NSeTVcDPIVqpF2nBkGQIDAQABo4ICIzCCAh8wHwYDVR0jBBgwFoAUiYJnfcSd JnAAS7RQSHzePa4Ebn0wHQYDVR0OBBYEFFS2s3OoBXUs6ZxP4cnSghpvleUTMA4GA1UdDwEB /wQEAwIFoDAMBgNVHRMBAf8EAjAAMCAGA1UdJQQZMBcGCCsGAQUFBwMEBgsrBgEEAbIxAQMF AjARBglghkgBhvhCAQEEBAMCBSAwRgYDVR0gBD8wPTA7BgwrBgEEAbIxAQIBAQEwKzApBggr BgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLm5ldC9DUFMwgaUGA1UdHwSBnTCBmjBM oEqgSIZGaHR0cDovL2NybC5jb21vZG9jYS5jb20vVVROLVVTRVJGaXJzdC1DbGllbnRBdXRo ZW50aWNhdGlvbmFuZEVtYWlsLmNybDBKoEigRoZEaHR0cDovL2NybC5jb21vZG8ubmV0L1VU Ti1VU0VSRmlyc3QtQ2xpZW50QXV0aGVudGljYXRpb25hbmRFbWFpbC5jcmwwfAYIKwYBBQUH AQEEcDBuMDYGCCsGAQUFBzAChipodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9VVE5BQUFDbGll bnRDQS5jcnQwNAYIKwYBBQUHMAKGKGh0dHA6Ly9jcnQuY29tb2RvLm5ldC9VVE5BQUFDbGll bnRDQS5jcnQwHAYDVR0RBBUwE4ERZXN1cm5pckBnbWFpbC5jb20wDQYJKoZIhvcNAQEFBQAD ggEBAJk2ReoabcXhFBv3dMX9YDmfWxfV9LUXeilNQX9vuW5aoosy3VJuqse0j946MaA8WF/q pKJGU2FJED5zjTtFCNUZycEcsT6lkW+HS6sPBaibX7KMj+DhZDo8gy7gX0xHOJF30PHkF+42 on4NQE18cYjMp+D5rVwg8DRTFhXqKcdPmQ/BQVXGECuPSVB/Ay9E7JdiPabtv7ZEleUZwHJv mtCNS7OZvsnANhBfNI5frDJdjGHgMpTpb9p5oN7gdgOc+N3MWY07AOYkYf5j0+9ZtPELvz4c sYhmhnzZQ6Na461NEo7CeOc4QHvDqwimeKnxzrTNMqeGMHwUgzPVg3zC800wggZBMIIFKaAD AgECAhEA/opoicKPwKUL6yD0dVHBNDANBgkqhkiG9w0BAQUFADCBrjELMAkGA1UEBhMCVVMx CzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEeMBwGA1UEChMVVGhlIFVT RVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xNjA0 BgNVBAMTLVVUTi1VU0VSRmlyc3QtQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBFbWFpbDAe Fw0wODA1MjYwMDAwMDBaFw0wOTA1MjYyMzU5NTlaMIHhMTUwMwYDVQQLEyxDb21vZG8gVHJ1 c3QgTmV0d29yayAtIFBFUlNPTkEgTk9UIFZBTElEQVRFRDFGMEQGA1UECxM9VGVybXMgYW5k IENvbmRpdGlvbnMgb2YgdXNlOiBodHRwOi8vd3d3LmNvbW9kby5uZXQvcmVwb3NpdG9yeTEf MB0GA1UECxMWKGMpMjAwMyBDb21vZG8gTGltaXRlZDEdMBsGA1UEAxMUSmVhbi1CYXB0aXN0 ZSBaZWxsZXIxIDAeBgkqhkiG9w0BCQEWEWVzdXJuaXJAZ21haWwuY29tMIIBIjANBgkqhkiG 9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5NA26ibBoxU600bLO5CTyNjsXSeGLA7+eC1AJmer2E1d bmh3qSFgZMPFsEhFSzuimqbVIAa/810Bg27Gk5X3pSLzOOjvkA50/pdM2/hQPD0/0jBAQCsu W/RwainmtvdtOQpeQ65Gxk3EBgsZ952bDhMVk9Uh9TwOc7ZcHjReFAG89274qZIThoVWrKOk ZDzc+d0vFA5qiu2bfcjyXugs4bruMKBHg2/AZRqk0oqkkYeBcDXzyLWywBb6zb4so4r+N1NJ c2Hz3jZh1kAL/MyVvAXe97EKXCkuaY/qLHmqbWPL1AqtrbvThi6rNrfAwYUKVA0NSeTVcDPI VqpF2nBkGQIDAQABo4ICIzCCAh8wHwYDVR0jBBgwFoAUiYJnfcSdJnAAS7RQSHzePa4Ebn0w HQYDVR0OBBYEFFS2s3OoBXUs6ZxP4cnSghpvleUTMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMB Af8EAjAAMCAGA1UdJQQZMBcGCCsGAQUFBwMEBgsrBgEEAbIxAQMFAjARBglghkgBhvhCAQEE BAMCBSAwRgYDVR0gBD8wPTA7BgwrBgEEAbIxAQIBAQEwKzApBggrBgEFBQcCARYdaHR0cHM6 Ly9zZWN1cmUuY29tb2RvLm5ldC9DUFMwgaUGA1UdHwSBnTCBmjBMoEqgSIZGaHR0cDovL2Ny bC5jb21vZG9jYS5jb20vVVROLVVTRVJGaXJzdC1DbGllbnRBdXRoZW50aWNhdGlvbmFuZEVt YWlsLmNybDBKoEigRoZEaHR0cDovL2NybC5jb21vZG8ubmV0L1VUTi1VU0VSRmlyc3QtQ2xp ZW50QXV0aGVudGljYXRpb25hbmRFbWFpbC5jcmwwfAYIKwYBBQUHAQEEcDBuMDYGCCsGAQUF BzAChipodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9VVE5BQUFDbGllbnRDQS5jcnQwNAYIKwYB BQUHMAKGKGh0dHA6Ly9jcnQuY29tb2RvLm5ldC9VVE5BQUFDbGllbnRDQS5jcnQwHAYDVR0R BBUwE4ERZXN1cm5pckBnbWFpbC5jb20wDQYJKoZIhvcNAQEFBQADggEBAJk2ReoabcXhFBv3 dMX9YDmfWxfV9LUXeilNQX9vuW5aoosy3VJuqse0j946MaA8WF/qpKJGU2FJED5zjTtFCNUZ ycEcsT6lkW+HS6sPBaibX7KMj+DhZDo8gy7gX0xHOJF30PHkF+42on4NQE18cYjMp+D5rVwg 8DRTFhXqKcdPmQ/BQVXGECuPSVB/Ay9E7JdiPabtv7ZEleUZwHJvmtCNS7OZvsnANhBfNI5f rDJdjGHgMpTpb9p5oN7gdgOc+N3MWY07AOYkYf5j0+9ZtPELvz4csYhmhnzZQ6Na461NEo7C eOc4QHvDqwimeKnxzrTNMqeGMHwUgzPVg3zC800xggRTMIIETwIBATCBxDCBrjELMAkGA1UE BhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEeMBwGA1UEChMV VGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8vd3d3LnVzZXJ0cnVzdC5j b20xNjA0BgNVBAMTLVVUTi1VU0VSRmlyc3QtQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBF bWFpbAIRAP6KaInCj8ClC+sg9HVRwTQwCQYFKw4DAhoFAKCCAmMwGAYJKoZIhvcNAQkDMQsG CSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDgwNjI4MDYyODA2WjAjBgkqhkiG9w0BCQQx FgQUpwuk6mjWWvoCo6hCcTXkJTkY0m4wUgYJKoZIhvcNAQkPMUUwQzAKBggqhkiG9w0DBzAO BggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgw gdUGCSsGAQQBgjcQBDGBxzCBxDCBrjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYD VQQHEw5TYWx0IExha2UgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEw HwYDVQQLExhodHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xNjA0BgNVBAMTLVVUTi1VU0VSRmly c3QtQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBFbWFpbAIRAP6KaInCj8ClC+sg9HVRwTQw gdcGCyqGSIb3DQEJEAILMYHHoIHEMIGuMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAV BgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsx ITAfBgNVBAsTGGh0dHA6Ly93d3cudXNlcnRydXN0LmNvbTE2MDQGA1UEAxMtVVROLVVTRVJG aXJzdC1DbGllbnQgQXV0aGVudGljYXRpb24gYW5kIEVtYWlsAhEA/opoicKPwKUL6yD0dVHB NDANBgkqhkiG9w0BAQEFAASCAQAdmKVde5xquW2fw6awUESDXX1EzNC0lEumXpBXPHTlLIKE Wvorf0hYICCENTrv/rnSymAdg0es0gfy5FirLLu7Hjgm7O2t194P+CDA1IWx1ROok/Trgf5c I0RqT/HV0jls3VQyPtr1iO6swRI4EmH+sNW9D42qpCeR/NMtHuBNzPoklVTBFoeGoK+mvx1z nC+GnP3Nd+l8/cpgURcXJo9gHQhkejNxQxJT6gmdCJUOogNvVEe514waCVGAWtBixFOflSuM VGgYYzGdrUuZtW5OP3jwb+pzM3Ej4tsX0fQoSX6TxqPnc4mmE1oAioIr5E7VYvoWpsSHVpvq QR5aAhM4AAAAAAAA --------------ms070909090503000406080001-- From bdm@fenrir.org.uk Sat Jun 28 08:12:04 2008 From: bdm@fenrir.org.uk (Brian Morrison) Date: Sat, 28 Jun 2008 08:12:04 +0100 Subject: [OTR-users] Re: [OTR-announce] pidgin-otr 3.2.0 released In-Reply-To: References: <20080615211439.GA11298@yoink.cs.uwaterloo.ca> <20080619230925.278f9650@peterson.fenrir.org.uk> <200806201539.28397.konrad@tylerc.org> Message-ID: <20080628081204.6fde42eb@peterson.fenrir.org.uk> On Fri, 20 Jun 2008 19:35:41 -0400 (EDT) Paul Wouters wrote: > On Fri, 20 Jun 2008, Konrad Meyer wrote: > > >> koji: error: Unknown build target: dist-fc7-updates-candidate > > > > F7 has been EOL for several days now. F7 updates don't exist any more. > > I know. But my updates were within the build/update system. But pidgin-otr > was depending on libotr, so it was trailing a day and got cut off.... > So far I've not seen any updates to either libotr or pidgin-otr make it through into any of the Fedora repos. I've not upgraded my F7 box to F9, but still nothing. Any ideas what's happening Paul? -- Brian Morrison bdm at fenrir dot org dot uk "Arguing with an engineer is like wrestling with a pig in the mud; after a while you realize you are muddy and the pig is enjoying it." GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html From ian@cypherpunks.ca Sat Jun 28 16:24:57 2008 From: ian@cypherpunks.ca (Ian Goldberg) Date: Sat, 28 Jun 2008 11:24:57 -0400 Subject: [OTR-users] Encryption strength option In-Reply-To: References: <20080627081723.06805b0d@peterson.fenrir.org.uk> Message-ID: <20080628152457.GD6417@yoink.cs.uwaterloo.ca> On Sat, Jun 28, 2008 at 12:49:51AM -0400, tinbull@gmail.com wrote: > Is there a way to select how strong the RSA encryption is? I was hoping to > get 4096-bit keys. Indeed, there's no RSA in OTR at all. But more generally, it doesn't make sense to increase the strength of one part of the system without doing the same to all of the parts. See this message, for example: http://lists.cypherpunks.ca/pipermail/otr-users/2008-May/001289.html - Ian From tinbull@gmail.com Sat Jun 28 16:51:23 2008 From: tinbull@gmail.com (noah ----) Date: Sat, 28 Jun 2008 11:51:23 -0400 Subject: [OTR-users] Encryption strength option In-Reply-To: <20080628152457.GD6417@yoink.cs.uwaterloo.ca> References: <20080627081723.06805b0d@peterson.fenrir.org.uk> <20080628152457.GD6417@yoink.cs.uwaterloo.ca> Message-ID: ------=_Part_5055_9809281.1214668284214 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline Ahh, I thought I had read somewhere otr used RSA, my bad. Thanks for the link, very informative! On Sat, Jun 28, 2008 at 11:24 AM, Ian Goldberg wrote: > On Sat, Jun 28, 2008 at 12:49:51AM -0400, tinbull@gmail.com wrote: > > Is there a way to select how strong the RSA encryption is? I was hoping > to > > get 4096-bit keys. > > Indeed, there's no RSA in OTR at all. But more generally, it doesn't > make sense to increase the strength of one part of the system without > doing the same to all of the parts. See this message, for example: > > http://lists.cypherpunks.ca/pipermail/otr-users/2008-May/001289.html > > - Ian > _______________________________________________ > OTR-users mailing list > OTR-users@lists.cypherpunks.ca > http://lists.cypherpunks.ca/mailman/listinfo/otr-users > ------=_Part_5055_9809281.1214668284214 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline Ahh, I thought I had read somewhere otr used RSA, my bad. Thanks for the link, very informative!

On Sat, Jun 28, 2008 at 11:24 AM, Ian Goldberg <ian@cypherpunks.ca> wrote:
On Sat, Jun 28, 2008 at 12:49:51AM -0400, tinbull@gmail.com wrote:
> Is there a way to select how strong the RSA encryption is? I was hoping to
> get 4096-bit keys.

Indeed, there's no RSA in OTR at all.  But more generally, it doesn't
make sense to increase the strength of one part of the system without
doing the same to all of the parts.  See this message, for example:

http://lists.cypherpunks.ca/pipermail/otr-users/2008-May/001289.html

  - Ian
_______________________________________________
OTR-users mailing list
OTR-users@lists.cypherpunks.ca
http://lists.cypherpunks.ca/mailman/listinfo/otr-users

------=_Part_5055_9809281.1214668284214-- From D31Drcongressashokashok@jetair.co.in Sun Jun 8 01:52:39 2008 From: D31Drcongressashokashok@jetair.co.in (caesar melissa) Date: Sun, 08 Jun 2008 00:52:39 +0000 Subject: [OTR-users] MSG ID:50123 Rock bottom pricing for Chanel, Chloe, Hermes Message-ID: <000501c8c910$0502b543$52d4758a@cngwhmha> The world's largest luxury store for shoes and bags is just one click away. Recommended by thousands of satisfied customers worldwide, we carry dozens of famous brands including: ~ Louis Vuitton ~ Armani ~ Gucci ~ Prada ~ Hermes Here you will find thousands of stunning designs for shoes, and leather products, at rock bottom pricing. Prices range from just $39 to $199; quality is assured and satisfaction absolutely guaranteed. Sale ends this week, so visit us today and start pampering yourself and your loved ones! - Visit our site: www.shoesquality[DOT]com (copy this link and then replace "[DOT]" to ".")