From ananda.samaddar at gmx.co.uk Wed Nov 12 20:22:10 2008 From: ananda.samaddar at gmx.co.uk (Ananda Samaddar) Date: Thu, 13 Nov 2008 01:22:10 +0000 Subject: [OTR-users] otr support in gajim? In-Reply-To: <20081026205532.372f29cd@webkeks.org> References: <856763.68104.qm@web23108.mail.ird.yahoo.com> <20081026205532.372f29cd@webkeks.org> Message-ID: <20081113012210.79d3467b@ananda-desktop> On Sun, 26 Oct 2008 20:55:32 +0100 Jonathan Schleifer wrote: > > OTR was removed from Gajim because we consider the current libotr API > unusably broken. It was not possible to have reliable message delivery > when libotr was used, it silently dropped messages etc. The current > API requires to pass every message to libotr, whether it's an OTR > session or not. We tried some workarounds, until we decided to drop > OTR support. We have GPG and ESessions anyway, so just try to > convince your chat partner of XMPP, then you can use those :). > > We are currently hoping that libotr4 will fix > those issues and might reconsider to revive the OTR support then. > > And there is a branch that still has OTR support (just Google for it) > - however, it is totally unsupport, don't expect any support from the > developers if it fails. > I hope OTR makes its way back into Gajim. OTR is a really nice system and Gajim is a really nice Jabber client (it's like Pidgin but done properly IMO). The perfect match really. -- Ananda Samaddar e-mail: ananda.samaddar at gmx.co.uk Instant Message IDs MSN: ananda.samaddar at hotmail.co.uk Jabber/XMPP/Google Talk: ananda.kumar.samaddar at googlemail.com From aaron.toponce at gmail.com Wed Nov 12 23:19:43 2008 From: aaron.toponce at gmail.com (Aaron Toponce) Date: Wed, 12 Nov 2008 21:19:43 -0700 Subject: [OTR-users] otr support in gajim? In-Reply-To: <20081113012210.79d3467b@ananda-desktop> References: <856763.68104.qm@web23108.mail.ird.yahoo.com> <20081026205532.372f29cd@webkeks.org> <20081113012210.79d3467b@ananda-desktop> Message-ID: <491BAADF.4030702@gmail.com> Ananda Samaddar wrote: > I hope OTR makes its way back into Gajim. OTR is a really nice system > and Gajim is a really nice Jabber client (it's like Pidgin but done > properly IMO). The perfect match really. Gajim 0.12 will feature client-to-client encryption, taking advantage of XEP 0116, thus effectively removing the need for OTR. Of course, the Jabber client on the other end has to support XEP 0116 as well, but that's no different than both supporting OTR. I suspect more and more clients will be XEY 0116 compatible. -- _ Aaron Toponce ( ) ASCII Ribbon Campaign www.aarontoponce.org X www.asciiribbon.org / \ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 552 bytes Desc: OpenPGP digital signature URL: From dkg at fifthhorseman.net Thu Nov 13 02:00:37 2008 From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Thu, 13 Nov 2008 02:00:37 -0500 Subject: [OTR-users] otr support in gajim? In-Reply-To: <491BAADF.4030702@gmail.com> (Aaron Toponce's message of "Wed\, 12 Nov 2008 21\:19\:43 -0700") References: <856763.68104.qm@web23108.mail.ird.yahoo.com> <20081026205532.372f29cd@webkeks.org> <20081113012210.79d3467b@ananda-desktop> <491BAADF.4030702@gmail.com> Message-ID: <87abc4p0tm.fsf@squeak.fifthhorseman.net> On Wed 2008-11-12 23:19:43 -0500, Aaron Toponce wrote: > Gajim 0.12 will feature client-to-client encryption, taking > advantage of XEP 0116, thus effectively removing the need for > OTR. Of course, the Jabber client on the other end has to support > XEP 0116 as well, but that's no different than both supporting > OTR. I suspect more and more clients will be XEY 0116 compatible. I'd never heard of XEP 0116 before, so i looked it up. The first google hit was: http://xmpp.org/extensions/xep-0116.html Which says in red at the top: WARNING: Consideration of this document has been Deferred by the XMPP Standards Foundation. Implementation of the protocol described herein is not recommended. This doesn't sound like a ringing endorsement to me, but i don't know the scene very well. Do you know the backstory here? Can you point to some good documentation about what is going on with this protocol? --dkg -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 826 bytes Desc: not available URL: From paul at cypherpunks.ca Thu Nov 13 02:32:26 2008 From: paul at cypherpunks.ca (Paul Wouters) Date: Thu, 13 Nov 2008 02:32:26 -0500 (EST) Subject: [OTR-users] otr support in gajim? In-Reply-To: <491BAADF.4030702@gmail.com> References: <856763.68104.qm@web23108.mail.ird.yahoo.com> <20081026205532.372f29cd@webkeks.org> <20081113012210.79d3467b@ananda-desktop> <491BAADF.4030702@gmail.com> Message-ID: On Wed, 12 Nov 2008, Aaron Toponce wrote: > Gajim 0.12 will feature client-to-client encryption, taking advantage of > XEP 0116, thus effectively removing the need for OTR. Of course, the http://xmpp.org/extensions/xep-0116.html WARNING: Consideration of this document has been Deferred by the XMPP Standards Foundation. Implementation of the protocol described herein is not recommended. > Jabber client on the other end has to support XEP 0116 as well, but > that's no different than both supporting OTR. I suspect more and more > clients will be XEY 0116 compatible. A quick check shows that XEY 0116 assumes public key cryptography, so some kind of out of bound public key verification. That's quite different from OTR, which has no prerequisites other then agreeing on a shared secret at a party. OTR also supports Opportunistic Encryption, eg start crypto without any identification, so protect against passive attacks. I have not looked closer, but I suspect deniability is also not in this specification. Apart from that, of course only few of my friends use XMPP. Paul From js-otrim at webkeks.org Thu Nov 13 07:25:23 2008 From: js-otrim at webkeks.org (Jonathan Schleifer) Date: Thu, 13 Nov 2008 13:25:23 +0100 Subject: [OTR-users] otr support in gajim? In-Reply-To: References: <856763.68104.qm@web23108.mail.ird.yahoo.com> <20081026205532.372f29cd@webkeks.org> <20081113012210.79d3467b@ananda-desktop> <491BAADF.4030702@gmail.com> Message-ID: <48C62D0F-D190-4549-8B72-19E5534DEEEB@webkeks.org> Am 13.11.2008 um 08:32 schrieb Paul Wouters: > A quick check shows that XEY 0116 assumes public key cryptography, > so some > kind of out of bound public key verification. Nope, it can be checked in-bound via SAS. > That's quite different from > OTR, which has no prerequisites other then agreeing on a shared > secret at > a party. That's exactly how SAS works. > OTR also supports Opportunistic Encryption, eg start crypto without > any identification, so protect against passive attacks. That's not needed in the XMPP world! No need for ugly hacks to show your support, you can just put it in the capabilities list! And if it's there, it's negotiated automatically, like in Gajim. But unfortunately, ESessions are dead, because other client developers refuse to implement it. They complain it is too complex and others complain that there is - just like for OTR - no cryptanalysis. -- Jonathan -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 801 bytes Desc: This is a digitally signed message part URL: From ian at cypherpunks.ca Thu Nov 13 12:00:13 2008 From: ian at cypherpunks.ca (Ian Goldberg) Date: Thu, 13 Nov 2008 12:00:13 -0500 Subject: [OTR-users] otr support in gajim? In-Reply-To: <48C62D0F-D190-4549-8B72-19E5534DEEEB@webkeks.org> References: <856763.68104.qm@web23108.mail.ird.yahoo.com> <20081026205532.372f29cd@webkeks.org> <20081113012210.79d3467b@ananda-desktop> <491BAADF.4030702@gmail.com> <48C62D0F-D190-4549-8B72-19E5534DEEEB@webkeks.org> Message-ID: <20081113170013.GF14361@thunk.cs.uwaterloo.ca> On Thu, Nov 13, 2008 at 01:25:23PM +0100, Jonathan Schleifer wrote: > Am 13.11.2008 um 08:32 schrieb Paul Wouters: > >> A quick check shows that XEY 0116 assumes public key cryptography, so >> some >> kind of out of bound public key verification. > > Nope, it can be checked in-bound via SAS. SAS can't be checked in-band; a MITM could just substitute the in-band values. >> That's quite different from >> OTR, which has no prerequisites other then agreeing on a shared secret >> at >> a party. > > That's exactly how SAS works. Not quite; OTR allows a prearranged shared secret (of your choice) to be used to authenticate your buddy. With SAS, you have to first generate your keys, then exchange the 5-character short random strings. >> OTR also supports Opportunistic Encryption, eg start crypto without >> any identification, so protect against passive attacks. > > That's not needed in the XMPP world! No need for ugly hacks to show your > support, you can just put it in the capabilities list! And if it's there, > it's negotiated automatically, like in Gajim. This is true. > But unfortunately, ESessions are dead, because other client developers > refuse to implement it. They complain it is too complex and others > complain that there is - just like for OTR - no cryptanalysis. Hmm? There have been formal analyses of the security of the OTR protocol. Is there something in particular you'd like to see that's missing? - Ian From js-otrim at webkeks.org Thu Nov 13 12:12:12 2008 From: js-otrim at webkeks.org (Jonathan Schleifer) Date: Thu, 13 Nov 2008 18:12:12 +0100 Subject: [OTR-users] otr support in gajim? In-Reply-To: <20081113170013.GF14361@thunk.cs.uwaterloo.ca> References: <856763.68104.qm@web23108.mail.ird.yahoo.com> <20081026205532.372f29cd@webkeks.org> <20081113012210.79d3467b@ananda-desktop> <491BAADF.4030702@gmail.com> <48C62D0F-D190-4549-8B72-19E5534DEEEB@webkeks.org> <20081113170013.GF14361@thunk.cs.uwaterloo.ca> Message-ID: <20081113181212.20441d63@webkeks.org> Ian Goldberg wrote: > SAS can't be checked in-band; a MITM could just substitute the in-band > values. Oh, sorry, I understood in-band as in in-client, not as in inside the conversation. That - of course - does not work, as it would compromise security. > Not quite; OTR allows a prearranged shared secret (of your choice) to > be used to authenticate your buddy. With SAS, you have to first > generate your keys, then exchange the 5-character short random > strings. With ESessions, you don't even need keys :) You just use a shared secret and no keys (you can use keys, but the simplified ESessions XEP doesn't require them). > Hmm? There have been formal analyses of the security of the OTR > protocol. Is there something in particular you'd like to see that's > missing? I don't want to see anything, it are developers of other clients who first want to see a real cryptanalysis on the protocol like it has been done for TLS and this is why soon TLS will be used for client to client encryption in XMPP :(. -- Jonathan -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 801 bytes Desc: not available URL: From ananda.samaddar at vfemail.net Tue Nov 18 20:10:55 2008 From: ananda.samaddar at vfemail.net (Ananda Samaddar) Date: Wed, 19 Nov 2008 01:10:55 +0000 Subject: [OTR-users] otr support in gajim? In-Reply-To: <20081113181212.20441d63@webkeks.org> References: <856763.68104.qm@web23108.mail.ird.yahoo.com> <20081026205532.372f29cd@webkeks.org> <20081113012210.79d3467b@ananda-desktop> <491BAADF.4030702@gmail.com> <48C62D0F-D190-4549-8B72-19E5534DEEEB@webkeks.org> <20081113170013.GF14361@thunk.cs.uwaterloo.ca> <20081113181212.20441d63@webkeks.org> Message-ID: <4923679F.6080801@vfemail.net> Jonathan Schleifer wrote: > Ian Goldberg wrote: > >> SAS can't be checked in-band; a MITM could just substitute the in-band >> values. > > Oh, sorry, I understood in-band as in in-client, not as in inside the > conversation. That - of course - does not work, as it would compromise > security. > >> Not quite; OTR allows a prearranged shared secret (of your choice) to >> be used to authenticate your buddy. With SAS, you have to first >> generate your keys, then exchange the 5-character short random >> strings. > > With ESessions, you don't even need keys :) You just use a shared > secret and no keys (you can use keys, but the simplified ESessions XEP > doesn't require them). > >> Hmm? There have been formal analyses of the security of the OTR >> protocol. Is there something in particular you'd like to see that's >> missing? > > I don't want to see anything, it are developers of other clients who > first want to see a real cryptanalysis on the protocol like it has been > done for TLS and this is why soon TLS will be used for client to client > encryption in XMPP :(. > > The fact of the matter is that OTR is already implemented in Pidgin, Kopete and Adium. Three of the most popular FLOSS instant messaging clients and is protocol agnostic. This alone means that it's becoming a de facto standard for IM encryption and reason enough for Gajim to support it. Ananda From js-otrim at webkeks.org Wed Nov 19 01:24:48 2008 From: js-otrim at webkeks.org (Jonathan Schleifer) Date: Wed, 19 Nov 2008 07:24:48 +0100 Subject: [OTR-users] otr support in gajim? In-Reply-To: <4923679F.6080801@vfemail.net> References: <856763.68104.qm@web23108.mail.ird.yahoo.com> <20081026205532.372f29cd@webkeks.org> <20081113012210.79d3467b@ananda-desktop> <491BAADF.4030702@gmail.com> <48C62D0F-D190-4549-8B72-19E5534DEEEB@webkeks.org> <20081113170013.GF14361@thunk.cs.uwaterloo.ca> <20081113181212.20441d63@webkeks.org> <4923679F.6080801@vfemail.net> Message-ID: <10F7B3A3-C127-4D52-83D6-F3839D87EF7A@webkeks.org> Am 19.11.2008 um 02:10 schrieb Ananda Samaddar: > The fact of the matter is that OTR is already implemented in Pidgin, > Kopete and Adium. Three of the most popular FLOSS instant messaging > clients and is protocol agnostic. This alone means that it's > becoming a de facto standard for IM encryption and reason enough for > Gajim to support it. Actually, we don't think so. OTR is mostly used in legacy networks (this is how the XMPP world calls ICQ, MSN etc.) which will sooner or later fade away, thus it's better to use what is standarized by the XSF and promote that instead of embracing a workaround/hack. The only reason why one would want OTR in Gajim is for using transports. But when you can successfully migrate someone to a client that supports OTR, it shouldn't be a problem to migrate that user to XMPP as well, as most of the clients that support OTR also support XMPP. Sure, ESessions isn't widespreaed, and it will never be, as it's deferred. But c2c TLS will definitely come and will very quickly appear in every XMPP client, as it's easy to implement. It's far better for Gajim to invest resources into that than into OTR, because all developers of major clients already agreed on standards at xmpp.org to implement it once it's finished. Plus, there's still the unsupported OTR branch which you can use. -- Jonathan -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 801 bytes Desc: This is a digitally signed message part URL: From ananda.samaddar at vfemail.net Wed Nov 19 17:55:24 2008 From: ananda.samaddar at vfemail.net (Ananda Samaddar) Date: Wed, 19 Nov 2008 22:55:24 +0000 Subject: [OTR-users] otr support in gajim? In-Reply-To: <10F7B3A3-C127-4D52-83D6-F3839D87EF7A@webkeks.org> References: <856763.68104.qm@web23108.mail.ird.yahoo.com> <20081026205532.372f29cd@webkeks.org> <20081113012210.79d3467b@ananda-desktop> <491BAADF.4030702@gmail.com> <48C62D0F-D190-4549-8B72-19E5534DEEEB@webkeks.org> <20081113170013.GF14361@thunk.cs.uwaterloo.ca> <20081113181212.20441d63@webkeks.org> <4923679F.6080801@vfemail.net> <10F7B3A3-C127-4D52-83D6-F3839D87EF7A@webkeks.org> Message-ID: <4924995C.8040007@vfemail.net> Jonathan Schleifer wrote: > > Actually, we don't think so. OTR is mostly used in legacy networks (this > is how the XMPP world calls ICQ, MSN etc.) which will sooner or later > fade away, thus it's better to use what is standarized by the XSF and > promote that instead of embracing a workaround/hack. I don't think MSN, AIM, or YM are going anywhere quite yet. Labelling OTR as a 'hack' or a 'workaround' is somewhat insulting to OTR's creators and developers in my opinion. What exactly do you mean by this as well? OTR is to my knowledge a pretty good method of communicating securely over an unsecure channel and uses a similar design philosophy to SSH. The protocol seems to have been well thought out and documented and was created by respected cryptographers. Is PGP a hack as well too? It fulfils a similar role to OTR with respect to e-mail. What about SSH? > The only reason why > one would want OTR in Gajim is for using transports. But when you can > successfully migrate someone to a client that supports OTR, it shouldn't > be a problem to migrate that user to XMPP as well, as most of the > clients that support OTR also support XMPP. Not much cop when most of your or their friends aren't on XMPP. Proprietary IM protocols are a fact of internet life, even though I wish they weren't. > Sure, ESessions isn't widespreaed, and it will never be, as it's > deferred. But c2c TLS will definitely come and will very quickly appear > in every XMPP client, as it's easy to implement. It's far better for > Gajim to invest resources into that than into OTR, because all > developers of major clients already agreed on standards at xmpp.org to > implement it once it's finished. > Plus, there's still the unsupported OTR branch which you can use. > I've been in contact with Kjell Braden who does the work on the OTR branch. He is hoping to get his code merged back into the main branch when Gajim's plugin system and libotr4 is implemented. I hope Gajim's developers see sense and allow this merge. As far as resources are concerned surely Kjell will the be the one devoting development time to OTR in Gajim and not the main developers? Ananda From paul at cypherpunks.ca Thu Nov 20 18:29:08 2008 From: paul at cypherpunks.ca (Paul Wouters) Date: Thu, 20 Nov 2008 18:29:08 -0500 (EST) Subject: [OTR-users] otr support in gajim? In-Reply-To: <10F7B3A3-C127-4D52-83D6-F3839D87EF7A@webkeks.org> References: <856763.68104.qm@web23108.mail.ird.yahoo.com> <20081026205532.372f29cd@webkeks.org> <20081113012210.79d3467b@ananda-desktop> <491BAADF.4030702@gmail.com> <48C62D0F-D190-4549-8B72-19E5534DEEEB@webkeks.org> <20081113170013.GF14361@thunk.cs.uwaterloo.ca> <20081113181212.20441d63@webkeks.org> <4923679F.6080801@vfemail.net> <10F7B3A3-C127-4D52-83D6-F3839D87EF7A@webkeks.org> Message-ID: On Wed, 19 Nov 2008, Jonathan Schleifer wrote: > Actually, we don't think so. OTR is mostly used in legacy networks (this is > how the XMPP world calls ICQ, MSN etc.) which will sooner or later fade away, > thus it's better to use what is standarized by the XSF and promote that > instead of embracing a workaround/hack. > client, as it's easy to implement. It's far better for Gajim to invest > resources into that than into OTR, because all developers of major clients > already agreed on standards at xmpp.org to implement it once it's finished. Funny that, I thought IETF standards required, apart from concensus on the protocol, *running code*... In fact two different interoperating implementations of such running code. In the end, it is your software and your choice. But alienating people by saying "just migrate over" is not going to actually get people migrated over. Paul, of to IETF cookies From js-otrim at webkeks.org Thu Nov 20 18:35:08 2008 From: js-otrim at webkeks.org (Jonathan Schleifer) Date: Fri, 21 Nov 2008 00:35:08 +0100 Subject: [OTR-users] otr support in gajim? In-Reply-To: References: <856763.68104.qm@web23108.mail.ird.yahoo.com> <20081026205532.372f29cd@webkeks.org> <20081113012210.79d3467b@ananda-desktop> <491BAADF.4030702@gmail.com> <48C62D0F-D190-4549-8B72-19E5534DEEEB@webkeks.org> <20081113170013.GF14361@thunk.cs.uwaterloo.ca> <20081113181212.20441d63@webkeks.org> <4923679F.6080801@vfemail.net> <10F7B3A3-C127-4D52-83D6-F3839D87EF7A@webkeks.org> Message-ID: <21EA341E-D8CE-401A-9A77-F77768D4125E@webkeks.org> Am 21.11.2008 um 00:29 schrieb Paul Wouters: > Funny that, I thought IETF standards required, apart from concensus on > the protocol, *running code*... In fact two different interoperating > implementations of such running code. For ESessions: There's only one implementation, that's why it has been deferred. For C2C TLS: There are already more than 2 clients AFAIK, but none of them has released a stable version with support for it yet. Anyway, XEPs don't need to be approved by the IETF, but by the XSF Council. -- Jonathan -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 801 bytes Desc: This is a digitally signed message part URL: From bdm at fenrir.org.uk Fri Nov 21 03:06:03 2008 From: bdm at fenrir.org.uk (Brian Morrison) Date: Fri, 21 Nov 2008 08:06:03 +0000 Subject: [OTR-users] otr support in gajim? In-Reply-To: <21EA341E-D8CE-401A-9A77-F77768D4125E@webkeks.org> References: <856763.68104.qm@web23108.mail.ird.yahoo.com> <20081026205532.372f29cd@webkeks.org> <20081113012210.79d3467b@ananda-desktop> <491BAADF.4030702@gmail.com> <48C62D0F-D190-4549-8B72-19E5534DEEEB@webkeks.org> <20081113170013.GF14361@thunk.cs.uwaterloo.ca> <20081113181212.20441d63@webkeks.org> <4923679F.6080801@vfemail.net> <10F7B3A3-C127-4D52-83D6-F3839D87EF7A@webkeks.org> <21EA341E-D8CE-401A-9A77-F77768D4125E@webkeks.org> Message-ID: <20081121080603.6a433575@peterson.fenrir.org.uk> On Fri, 21 Nov 2008 00:35:08 +0100 Jonathan Schleifer wrote: > Anyway, XEPs don't need to be approved by the IETF, but by the XSF > Council. The wonderful thing about standards is that there are so many to choose from! -- Brian Morrison bdm at fenrir dot org dot uk "Arguing with an engineer is like wrestling with a pig in the mud; after a while you realize you are muddy and the pig is enjoying it." GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html From js-otrim at webkeks.org Fri Nov 21 04:52:38 2008 From: js-otrim at webkeks.org (Jonathan Schleifer) Date: Fri, 21 Nov 2008 10:52:38 +0100 Subject: [OTR-users] otr support in gajim? In-Reply-To: <20081121080603.6a433575@peterson.fenrir.org.uk> References: <856763.68104.qm@web23108.mail.ird.yahoo.com> <20081026205532.372f29cd@webkeks.org> <20081113012210.79d3467b@ananda-desktop> <491BAADF.4030702@gmail.com> <48C62D0F-D190-4549-8B72-19E5534DEEEB@webkeks.org> <20081113170013.GF14361@thunk.cs.uwaterloo.ca> <20081113181212.20441d63@webkeks.org> <4923679F.6080801@vfemail.net> <10F7B3A3-C127-4D52-83D6-F3839D87EF7A@webkeks.org> <21EA341E-D8CE-401A-9A77-F77768D4125E@webkeks.org> <20081121080603.6a433575@peterson.fenrir.org.uk> Message-ID: Am 21.11.2008 um 09:06 schrieb Brian Morrison: > The wonderful thing about standards is that there are so many to > choose > from! Well, for Jabber, there's only the 4 RFCs (with 3923 not being used because it's, well, strange) and the XEPs :). -- Jonathan -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 801 bytes Desc: This is a digitally signed message part URL: From andrei at srr.ro Mon Nov 24 15:55:39 2008 From: andrei at srr.ro (Andrei Boros) Date: Mon, 24 Nov 2008 22:55:39 +0200 Subject: [OTR-users] OTR and winpidgin Message-ID: <492B14CB.8060306@srr.ro> I am trying again with OTR plugin for pidgin and I got the latest in both. pidgin-2.5.2 and OTR-plugin-3.2.0. It works, apparently, with one problem : what I type I see in the conversation window as cyphertext. My conversation partner can see the correct plaintext, he can see his own correct plaintext. I can see his correct plaintext, but not my own. Help ? From ian at cypherpunks.ca Mon Nov 24 17:04:51 2008 From: ian at cypherpunks.ca (Ian Goldberg) Date: Mon, 24 Nov 2008 17:04:51 -0500 Subject: [OTR-users] OTR and winpidgin In-Reply-To: <492B14CB.8060306@srr.ro> References: <492B14CB.8060306@srr.ro> Message-ID: <20081124220451.GR3049@yoink.cs.uwaterloo.ca> On Mon, Nov 24, 2008 at 10:55:39PM +0200, Andrei Boros wrote: > I am trying again with OTR plugin for pidgin and I got the latest in > both. pidgin-2.5.2 and OTR-plugin-3.2.0. > > It works, apparently, with one problem : what I type I see in the > conversation window as cyphertext. > My conversation partner can see the correct plaintext, he can see his > own correct plaintext. > I can see his correct plaintext, but not my own. > > Help ? Do you have other encryption plugins also enabled? Sometimes they don't get along properly, because pidgin's handling of multiple plugins for the same actions isn't always correct. - Ian From andrei at srr.ro Tue Nov 25 18:18:03 2008 From: andrei at srr.ro (Andrei Boros) Date: Wed, 26 Nov 2008 01:18:03 +0200 Subject: [OTR-users] OTR authenticate Message-ID: <492C87AB.4050905@srr.ro> I have tried the authentication mechanisms offered, and ran into problems as follows : - both ends pidgin-2.5.2 - both ends OTR 3.2.0 Tried authenticate via "question and answer" : - initiated question - window showed "waiting for buddy" - talked on the phone with my buddy. he answered the question, his window showed the same message - nothing happened Tried authenticate via "shared secret": - initiated question - window showed "waiting for buddy" - my buddy did not get any request to type the shared secret. Tried authenticate via "manual fingerprint" and we talked over the phone. The dropdown worked and now we are authenticated. But the first 2 methods didn't seem to work. From andrei at srr.ro Tue Nov 25 18:22:36 2008 From: andrei at srr.ro (Andrei Boros) Date: Wed, 26 Nov 2008 01:22:36 +0200 Subject: [OTR-users] OTR conversation window menu Message-ID: <492C88BC.9030604@srr.ro> I have discovered that when OTR plugin is enabled, in the conversation window menu I have 2 new items : "OTR" and an icon menu item. Both display the same menu, that of OTR. :-?? From ian at cypherpunks.ca Wed Nov 26 09:10:30 2008 From: ian at cypherpunks.ca (Ian Goldberg) Date: Wed, 26 Nov 2008 09:10:30 -0500 Subject: [OTR-users] OTR conversation window menu In-Reply-To: <492C88BC.9030604@srr.ro> References: <492C88BC.9030604@srr.ro> Message-ID: <20081126141030.GE10742@thunk.cs.uwaterloo.ca> On Wed, Nov 26, 2008 at 01:22:36AM +0200, Andrei Boros wrote: > I have discovered that when OTR plugin is enabled, in the conversation > window menu I have 2 new items : > > "OTR" and an icon menu item. > > Both display the same menu, that of OTR. :-?? That's correct. The new (well, not so new any more) version of Pidgin allows you to have multiple conversations going on at the same time in the same tab. If you do that, you need a way to tell which ones are private and which aren't. In that case, you'd see a single OTR menu (with the currently active conversation in it), and one little icon for each conversation, with the inactive ones lowlighted. - Ian From ian at cypherpunks.ca Wed Nov 26 09:11:34 2008 From: ian at cypherpunks.ca (Ian Goldberg) Date: Wed, 26 Nov 2008 09:11:34 -0500 Subject: [OTR-users] OTR authenticate In-Reply-To: <492C87AB.4050905@srr.ro> References: <492C87AB.4050905@srr.ro> Message-ID: <20081126141134.GF10742@thunk.cs.uwaterloo.ca> On Wed, Nov 26, 2008 at 01:18:03AM +0200, Andrei Boros wrote: > I have tried the authentication mechanisms offered, and ran into > problems as follows : > > - both ends pidgin-2.5.2 > - both ends OTR 3.2.0 > > Tried authenticate via "question and answer" : > - initiated question > - window showed "waiting for buddy" > - talked on the phone with my buddy. he answered the question, his > window showed the same message > - nothing happened > > Tried authenticate via "shared secret": > - initiated question > - window showed "waiting for buddy" > - my buddy did not get any request to type the shared secret. > > Tried authenticate via "manual fingerprint" and we talked over the phone. > The dropdown worked and now we are authenticated. > But the first 2 methods didn't seem to work. Weird. What IM network were you using? - Ian From dkg at fifthhorseman.net Wed Nov 26 10:07:38 2008 From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Wed, 26 Nov 2008 10:07:38 -0500 Subject: [OTR-users] OTR conversation window menu In-Reply-To: <20081126141030.GE10742@thunk.cs.uwaterloo.ca> (Ian Goldberg's message of "Wed\, 26 Nov 2008 09\:10\:30 -0500") References: <492C88BC.9030604@srr.ro> <20081126141030.GE10742@thunk.cs.uwaterloo.ca> Message-ID: <87od02jzk5.fsf@squeak.fifthhorseman.net> On Wed 2008-11-26 09:10:30 -0500, Ian Goldberg wrote: > That's correct. The new (well, not so new any more) version of > Pidgin allows you to have multiple conversations going on at the > same time in the same tab. If you do that, you need a way to tell > which ones are private and which aren't. In that case, you'd see a > single OTR menu (with the currently active conversation in it), and > one little icon for each conversation, with the inactive ones > lowlighted. This is pretty confusing UI for the single-conversation window case, though. Perhaps that (common) case could be handled differently? --dkg -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 826 bytes Desc: not available URL: From ian at cypherpunks.ca Wed Nov 26 14:32:21 2008 From: ian at cypherpunks.ca (Ian Goldberg) Date: Wed, 26 Nov 2008 14:32:21 -0500 Subject: [OTR-users] OTR conversation window menu In-Reply-To: <87od02jzk5.fsf@squeak.fifthhorseman.net> References: <492C88BC.9030604@srr.ro> <20081126141030.GE10742@thunk.cs.uwaterloo.ca> <87od02jzk5.fsf@squeak.fifthhorseman.net> Message-ID: <20081126193221.GJ10742@thunk.cs.uwaterloo.ca> On Wed, Nov 26, 2008 at 10:07:38AM -0500, Daniel Kahn Gillmor wrote: > On Wed 2008-11-26 09:10:30 -0500, Ian Goldberg wrote: > > > That's correct. The new (well, not so new any more) version of > > Pidgin allows you to have multiple conversations going on at the > > same time in the same tab. If you do that, you need a way to tell > > which ones are private and which aren't. In that case, you'd see a > > single OTR menu (with the currently active conversation in it), and > > one little icon for each conversation, with the inactive ones > > lowlighted. > > This is pretty confusing UI for the single-conversation window case, > though. Perhaps that (common) case could be handled differently? In this common case, you effectively have a single menu, headed by "OTR [icon]". Only part of the header gets highlighed when you pull it down, but that hardly seems worth changing if it causes inconsistency with the next common case, no? - Ian From dkg at fifthhorseman.net Wed Nov 26 19:44:13 2008 From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Wed, 26 Nov 2008 19:44:13 -0500 Subject: [OTR-users] OTR conversation window menu In-Reply-To: <20081126193221.GJ10742@thunk.cs.uwaterloo.ca> (Ian Goldberg's message of "Wed\, 26 Nov 2008 14\:32\:21 -0500") References: <492C88BC.9030604@srr.ro> <20081126141030.GE10742@thunk.cs.uwaterloo.ca> <87od02jzk5.fsf@squeak.fifthhorseman.net> <20081126193221.GJ10742@thunk.cs.uwaterloo.ca> Message-ID: <874p1u0zhe.fsf@squeak.fifthhorseman.net> On Wed 2008-11-26 14:32:21 -0500, Ian Goldberg wrote: > In this common case, you effectively have a single menu, headed by > "OTR [icon]". Only part of the header gets highlighed when you pull it > down, but that hardly seems worth changing if it causes inconsistency > with the next common case, no? I dunno. Andrei and i were both confused by it. I understand what you're saying, and it will certainly never bother me again now that i get it. But if it turns new users (and more specifically, non-developers) away from using OTR because of confusion in their first attempts, that would be a shame. I don't really have a better suggestion either, other than just stuffing the icon to the principal OTR menuitem in the single-conversation case, and breaking them all out separately in the multi-conversation case. Can the pidgin GUI toolkit do tooltips over menuitems? I'll play with the menus next time i'm using pidgin and see if i can figure anything better out. Sorry i'm not more of a UI designer. --dkg -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 826 bytes Desc: not available URL: From db.netres at gmail.com Thu Nov 27 04:07:04 2008 From: db.netres at gmail.com (db) Date: Thu, 27 Nov 2008 10:07:04 +0100 Subject: [OTR-users] OTR conversation window menu In-Reply-To: <20081126141030.GE10742@thunk.cs.uwaterloo.ca> References: <492C88BC.9030604@srr.ro> <20081126141030.GE10742@thunk.cs.uwaterloo.ca> Message-ID: On Wed, Nov 26, 2008 at 3:10 PM, Ian Goldberg wrote: > That's correct. The new (well, not so new any more) version of Pidgin > allows you to have multiple conversations going on at the same time in > the same tab. What is this? How do I do that? After reading this thread I looked through the tabs I had open in Pidgin and all tabs had one text and one icon menu, except one GTalk contact who had one text and two icon menus. Why? The conversation was not encrypted. I know that this contact uses the web interface in GMail, don't know if that makes any difference From ian at cypherpunks.ca Thu Nov 27 08:09:08 2008 From: ian at cypherpunks.ca (Ian Goldberg) Date: Thu, 27 Nov 2008 08:09:08 -0500 Subject: [OTR-users] OTR conversation window menu In-Reply-To: References: <492C88BC.9030604@srr.ro> <20081126141030.GE10742@thunk.cs.uwaterloo.ca> Message-ID: <20081127130908.GB15414@thunk.cs.uwaterloo.ca> On Thu, Nov 27, 2008 at 10:07:04AM +0100, db wrote: > On Wed, Nov 26, 2008 at 3:10 PM, Ian Goldberg wrote: > > > That's correct. The new (well, not so new any more) version of Pidgin > > allows you to have multiple conversations going on at the same time in > > the same tab. > > What is this? How do I do that? You can use the Expand/Collapse functionality of the buddy list to merge a bunch of buddies into one contact. All those buddies will show up in the same conversation tab. - Ian From andrei at srr.ro Thu Nov 27 18:46:55 2008 From: andrei at srr.ro (Andrei Boros) Date: Fri, 28 Nov 2008 01:46:55 +0200 Subject: [OTR-users] OTR conversation window menu In-Reply-To: <87od02jzk5.fsf@squeak.fifthhorseman.net> References: <492C88BC.9030604@srr.ro> <20081126141030.GE10742@thunk.cs.uwaterloo.ca> <87od02jzk5.fsf@squeak.fifthhorseman.net> Message-ID: <492F316F.1060103@srr.ro> Daniel Kahn Gillmor wrote: > On Wed 2008-11-26 09:10:30 -0500, Ian Goldberg wrote: > > >> That's correct. The new (well, not so new any more) version of >> Pidgin allows you to have multiple conversations going on at the >> same time in the same tab. If you do that, you need a way to tell >> which ones are private and which aren't. In that case, you'd see a >> single OTR menu (with the currently active conversation in it), and >> one little icon for each conversation, with the inactive ones >> lowlighted. >> > > This is pretty confusing UI for the single-conversation window case, > though. Perhaps that (common) case could be handled differently? > It is indeed confusing, one menu item is text, the other graphic. In my case, both contained same items. (during a private conversation with someone). Can this be related to a buddy having associated more then one ID? even so, I didn't see anything in the UI to suggest any connection to this scenario. (I assume I should've seen menu items saying about the other ID's that they are not on private) -------------- next part -------------- An HTML attachment was scrubbed... URL: From andrei at srr.ro Thu Nov 27 18:57:24 2008 From: andrei at srr.ro (Andrei Boros) Date: Fri, 28 Nov 2008 01:57:24 +0200 Subject: [OTR-users] OTR 4 Thunderbird? Message-ID: <492F33E4.1090606@srr.ro> Does anyone have any knowledge of some OTR based extension being developed for Thunderbird, similar to what Enigmail does ? Is it at all possible with OTR? From alex323 at gmail.com Thu Nov 27 19:03:51 2008 From: alex323 at gmail.com (Alex) Date: Thu, 27 Nov 2008 19:03:51 -0500 Subject: [OTR-users] OTR 4 Thunderbird? In-Reply-To: <492F33E4.1090606@srr.ro> References: <492F33E4.1090606@srr.ro> Message-ID: <20081127190351.648433ad@mx.google.com> On Fri, 28 Nov 2008 01:57:24 +0200 Andrei Boros wrote: > Does anyone have any knowledge of some OTR based extension being > developed for Thunderbird, similar to what Enigmail does ? > The key exchange alone would require a bunch of emails to be sent back and forth... it's just not practical. OTR is meant for "instant" communication. -- Alex -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: not available URL: From cognitive.libertarian+ml at gmail.com Sat Nov 29 18:53:50 2008 From: cognitive.libertarian+ml at gmail.com (cognitive.libertarian+ml at gmail.com) Date: Sun, 30 Nov 2008 00:53:50 +0100 Subject: [OTR-users] Initiating OTR from an irssi client to pidgin Message-ID: <20081129235350.GA13711@lenny.local> When an irssi client initiates OTR (user issues the /otr auth command), pidgin doesn't engage. The irssi user sees "OTR: Initiated authentication...", but the pidgin user sees no indication of an attempt to establish an OTR session. If a Pidgin user initiates OTR, then it works. Anyone know what the issue might be?