From ldm at gmx.at Wed Jul 8 06:26:20 2009 From: ldm at gmx.at (Markus Krainz) Date: Wed, 08 Jul 2009 12:26:20 +0200 Subject: [OTR-users] encrypted file transfer In-Reply-To: References: <20090628221338.GC9221@yoink.cs.uwaterloo.ca> <4A481373.1000603@gmx.at> <20090629134501.GC14669@thunk.cs.uwaterloo.ca> <4A48FA47.7050306@gmx.at> Message-ID: <4A54744C.4070700@gmx.at> Exacty, I boostrap GPG with OTR. Look, I never claimed to have found the holy grail of IM file transfer. I just shared how I do it given the fact that OTR alone cannot provide secure file transfer right now AFAIK. If anybody wants to brainstorm secure file transfer indeas with OTR in the developer mailing list count me in. Regards, Markus PS: I personally would love to bootstrap via DNSSEC and encrypt everything at OSI layer 3. :-P otr-users at lists.cypherpunks.ca wrote: > On Mon, 29 Jun 2009, Markus Krainz wrote: > >> The advantage is that once you got your conversional partners PGP key >> over OTR you can also send him files over mail, even if he's not >> currently online. > > But will you boostrap GPG with OTR, or OTR with GPG :) > > Personally, I'd prefer a bootstrap via DNSSEC :) > > Paul > From zl1dx1m at earthlights.net Wed Jul 8 16:43:56 2009 From: zl1dx1m at earthlights.net (ZL1DX1M) Date: Thu, 9 Jul 2009 08:43:56 +1200 Subject: [OTR-users] Idiots Guide Needed Message-ID: <1803468288.20090709084356@earthlights.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Greetings, Is there an Idiots Guide somewhere that I can use to learn how to use OTR? I'm brand new to this and have just installed OTR in Miranda IM, but don't have a clue how to use it. Best regards, Jim ZL1DX1M Live AIS: http://www.nzais.earthlights.net Weather: http://www.sanctuaryweather.co.nz Auckland, NZ 36?54'0"S 174?44'0"E (177ft ASL) at 8:42 a.m. on Thursday, 9 July 2009 Receivers: Kenwood R-5000 (2), Sangean ATS 909, Uniden UBC72xlt, Uniden UBCT8, AIS SR161 Antennas: Wellbrook ALA1530, Par Electronics EF-SWL, Diamond D130 discone, ACR AIS-A3200 VHF Marine Antenna, Garex AIS preamp This e-mail message is confidential and contains legally privileged and copyrighted information. If you are the intended recipient of this email, you should not copy, forward or in any way disclose the contents of this email to any other party without the express permission of the writer, or unless this email has been sent by the writer to an email list or group. If you are not the intended recipient you should not read, copy, distribute, disclose or otherwise use the information in this e-mail but instead immediately delete this email from your computer. For my Public Key, please send a blank email to pgpkey at earthlights.net - - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Is your email secure? Comment: Always! encrypt sensitive emails iEYEARECAAYFAkpVBQ4ACgkQrEJLzOPDouOL5wCgqwstJpwfxf36lUBwAmn+hDRr tYkAoKIhxm/yYlUaohuHe18w31I1uren =Ydaz -----END PGP SIGNATURE----- From ldm at gmx.at Thu Jul 9 04:53:37 2009 From: ldm at gmx.at (Markus Krainz) Date: Thu, 09 Jul 2009 10:53:37 +0200 Subject: [OTR-users] encrypted file transfer In-Reply-To: References: <20090628221338.GC9221@yoink.cs.uwaterloo.ca> <4A481373.1000603@gmx.at> <20090629134501.GC14669@thunk.cs.uwaterloo.ca> <4A48FA47.7050306@gmx.at> <4A54744C.4070700@gmx.at> Message-ID: <4A55B011.7070901@gmx.at> Like Ian said, we have a student working on implementing this now. > > https://gsoc.xelerance.com/projects/otr-symkey/wiki Usefull link, thank you. Looks promising. When can we expect to see first results? >> PS: I personally would love to bootstrap via DNSSEC and encrypt >> everything at OSI layer 3. :-P > > The OSI model is dead! The IP model won when? 1988? > > Paul > You are such a smart-ass Paul. The OSI layer 3 maps 1:1 to the Internet layer. :-P Greetings. Markus From bdm at fenrir.org.uk Thu Jul 9 05:41:11 2009 From: bdm at fenrir.org.uk (Brian Morrison) Date: Thu, 09 Jul 2009 10:41:11 +0100 Subject: [OTR-users] Idiots Guide Needed In-Reply-To: <1803468288.20090709084356@earthlights.net> References: <1803468288.20090709084356@earthlights.net> Message-ID: <4A55BB37.7090601@fenrir.org.uk> ZL1DX1M wrote: > Is there an Idiots Guide somewhere that I can use to learn how to use OTR? > I'm brand new to this and have just installed OTR in Miranda IM, but don't > have a clue how to use it. I don't know of a guide as such, but you could try reading the papers listed on the OTR web pages at Cypherpunks. IIRC at least one of them has a discussion of users' difficulties and as such it describes the steps to use it. Essentially all you do is generate a key for a given IM service (this is done off line, or at least not during a conversation), then authenticate someone you talk to by exchanging a shared secret, or switching to advanced mode and exchanging key fingerprints via a different mechanism, say over a mobile phone, landline phone or email. The latter should preferably be encrypted. The shared secret approach is useful when you already know someone, for people you don't know the other method is sensible. Once you have done this you can mark that person's key as authenticated and it will then be trusted. You can use OTR without authenticating, but then you are not certain who you are talking to. -- Brian From crashnet at hotmail.com Wed Jul 15 12:16:23 2009 From: crashnet at hotmail.com (Tim Clark) Date: Wed, 15 Jul 2009 16:16:23 +0000 Subject: [OTR-users] History Encryption Message-ID: Newbie question, but i could not find the answer in the FAQ nor Google. Using the Pidgin OTR plugin for windows, is chat history encrypted? (i understand this might be off topic for this list) If not, any suggestions on how to encrypt chat history in pidgin? THANKS Tim -------------- next part -------------- An HTML attachment was scrubbed... URL: From bdm at fenrir.org.uk Wed Jul 15 12:37:36 2009 From: bdm at fenrir.org.uk (Brian Morrison) Date: Wed, 15 Jul 2009 17:37:36 +0100 Subject: [OTR-users] History Encryption In-Reply-To: References: Message-ID: <4A5E05D0.2040705@fenrir.org.uk> Tim Clark wrote: > > Using the Pidgin OTR plugin for windows, is chat history encrypted? No, it isn't > > (i understand this might be off topic for this list) If not, any suggestions on how to encrypt chat history in pidgin? If you want the security and plausible deniability aspects of Pidgin then keeping a log of what was said is not a great solution. If you accept that the deniability would be lost then you can protect the logs using an encryption program such as GnuPG. -- Brian From ian at cypherpunks.ca Wed Jul 15 13:20:16 2009 From: ian at cypherpunks.ca (Ian Goldberg) Date: Wed, 15 Jul 2009 13:20:16 -0400 Subject: [OTR-users] History Encryption In-Reply-To: <4A5E05D0.2040705@fenrir.org.uk> References: <4A5E05D0.2040705@fenrir.org.uk> Message-ID: <20090715172016.GO4259@thunk.cs.uwaterloo.ca> On Wed, Jul 15, 2009 at 05:37:36PM +0100, Brian Morrison wrote: > Tim Clark wrote: > > > > Using the Pidgin OTR plugin for windows, is chat history encrypted? > > No, it isn't > > > > > (i understand this might be off topic for this list) If not, any suggestions on how to encrypt chat history in pidgin? > > If you want the security and plausible deniability aspects of Pidgin > then keeping a log of what was said is not a great solution. Note that there's the "don't log OTR conversations" config option to help you not keep logs. > If you accept that the deniability would be lost then you can protect > the logs using an encryption program such as GnuPG. Technically, plaintext logs are still deniable, since anyone could have edited your log file to say anything. But you lose confidentiality, which is much worse. Encrypted log files can be made deniable if they're public-key encrypted to your key, but you still lose authenticity in that case. - Ian From crashnet at hotmail.com Wed Jul 15 13:28:12 2009 From: crashnet at hotmail.com (Tim Clark) Date: Wed, 15 Jul 2009 17:28:12 +0000 Subject: [OTR-users] History Encryption In-Reply-To: <4A5E05D0.2040705@fenrir.org.uk> References: <4A5E05D0.2040705@fenrir.org.uk> Message-ID: > > (i understand this might be off topic for this list) If not, any suggestions on how to encrypt chat history in pidgin? > > If you want the security and plausible deniability aspects of Pidgin > then keeping a log of what was said is not a great solution. > > If you accept that the deniability would be lost then you can protect > the logs using an encryption program such as GnuPG. unless i store the chat history inside a truecrypt volume, which preserves plausible deniability. but thats really an overkill for my needs. thanks brian -------------- next part -------------- An HTML attachment was scrubbed... URL: From bdm at fenrir.org.uk Wed Jul 15 13:37:34 2009 From: bdm at fenrir.org.uk (Brian Morrison) Date: Wed, 15 Jul 2009 18:37:34 +0100 Subject: [OTR-users] History Encryption In-Reply-To: References: <4A5E05D0.2040705@fenrir.org.uk> Message-ID: <4A5E13DE.7050301@fenrir.org.uk> Tim Clark wrote: >>> (i understand this might be off topic for this list) If not, any suggestions on how to encrypt chat history in pidgin? >> If you want the security and plausible deniability aspects of Pidgin >> then keeping a log of what was said is not a great solution. >> >> If you accept that the deniability would be lost then you can protect >> the logs using an encryption program such as GnuPG. > > unless i store the chat history inside a truecrypt volume, which preserves plausible deniability. but thats really an overkill for my needs. Well actually you want to store the history in a truecrypt volume inside another truecrypt volume, and I would argue to do it because you can! If everyone did something of that nature, snooping would become a thing of the past.... -- Brian From ldm at gmx.at Wed Jul 15 18:10:36 2009 From: ldm at gmx.at (Markus Krainz) Date: Thu, 16 Jul 2009 00:10:36 +0200 Subject: [OTR-users] History Encryption In-Reply-To: <4A5E13DE.7050301@fenrir.org.uk> References: <4A5E05D0.2040705@fenrir.org.uk> <4A5E13DE.7050301@fenrir.org.uk> Message-ID: <4A5E53DC.2050009@gmx.at> Brian Morrison wrote: > Tim Clark wrote: > >>>> (i understand this might be off topic for this list) If not, any suggestions on how to encrypt chat history in pidgin? >>>> >>> If you want the security and plausible deniability aspects of Pidgin >>> then keeping a log of what was said is not a great solution. >>> >>> If you accept that the deniability would be lost then you can protect >>> the logs using an encryption program such as GnuPG. >>> >> unless i store the chat history inside a truecrypt volume, which preserves plausible deniability. but thats really an overkill for my needs. >> > > Well actually you want to store the history in a truecrypt volume inside > another truecrypt volume, and I would argue to do it because you can! > > If everyone did something of that nature, snooping would become a thing > of the past.... > > Not quite. That's what hardware keyloggers are for. To further improve security you can use a notebook with TPM and secure your bootloader and BIOS with it. Never let your notebook out of sight and do not use an external keyboard. From esurnir at gmail.com Wed Jul 15 19:46:55 2009 From: esurnir at gmail.com (Jean-Baptiste Zeller) Date: Wed, 15 Jul 2009 19:46:55 -0400 Subject: [OTR-users] History Encryption In-Reply-To: <4A5E53DC.2050009@gmx.at> References: <4A5E05D0.2040705@fenrir.org.uk> <4A5E13DE.7050301@fenrir.org.uk> <4A5E53DC.2050009@gmx.at> Message-ID: <78ce815d0907151646t4fb9b93eje36e645d415f7ba@mail.gmail.com> On Wed, Jul 15, 2009 at 6:10 PM, Markus Krainz wrote: > > Brian Morrison wrote: > > Tim Clark wrote: > > > >>>> (i understand this might be off topic for this list) If not, any suggestions on how to encrypt chat history in pidgin? > >>>> > >>> If you want the security and plausible deniability aspects of Pidgin > >>> then keeping a log of what was said is not a great solution. > >>> > >>> If you accept that the deniability would be lost then you can protect > >>> the logs using an encryption program such as GnuPG. > >>> > >> unless i store the chat history inside a truecrypt volume, which preserves plausible deniability. but thats really an overkill for my needs. > >> > > > > Well actually you want to store the history in a truecrypt volume inside > > another truecrypt volume, and I would argue to do it because you can! > > > > If everyone did something of that nature, snooping would become a thing > > of the past.... > > > > > Not quite. That's what hardware keyloggers are for. > To further improve security you can use a notebook with TPM and secure > your bootloader and BIOS with it. > Never let your notebook out of sight and do not use an external keyboard. > _______________________________________________ > OTR-users mailing list > OTR-users at lists.cypherpunks.ca > http://lists.cypherpunks.ca/mailman/listinfo/otr-users Not to forget that nowadays snooping on keyboard wirelessly (like from the next hotel room) seems to be a piece of cake according to the latest research :). -- Jean-Baptiste Zeller From christopher.lemire at gmail.com Thu Jul 16 03:32:35 2009 From: christopher.lemire at gmail.com (Christopher Lemire) Date: Thu, 16 Jul 2009 02:32:35 -0500 Subject: [OTR-users] Otr for blackberry In-Reply-To: <20090620133421.GQ6925@yoink.cs.uwaterloo.ca> References: <1583232617-1245498747-cardhu_decombobulator_blackberry.rim.net-515792925-@bxe1309.bisx.prod.on.blackberry> <20090620133421.GQ6925@yoink.cs.uwaterloo.ca> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sat, Jun 20, 2009 at 8:34 AM, Ian Goldberg wrote: -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Use GnuPG with Firefox : http://getfiregpg.org (Version: 0.7.6) iD8DBQFKXteYxp8Ys+E7CQkRAs9MAJoCD6NDpLiRNaV6F7r20XNpNilEnwCfZbcJ du631U1bAefFZ72bkDwLX8s= =uFKb -----END PGP SIGNATURE----- > > On Sat, Jun 20, 2009 at 11:52:25AM +0000, christopher.lemire at gmail.com wrote: > > Hello, I use otr in both linux and windblows. A lot of people I > > communicate with use it. They send me otr encrypted messages not > > knowing I'm on my phone and I see the message as unencrypted. I was > > wondering if it would be possible to make otr for the blackberry > > phone. The instant messenger client supports many protocols and uses > > libpurple. I forgot which version of libpurple, but I can find out. > > Are you sure? ?libpurple is a C library, and (third-party) BB progs have > to be written in J2ME. > > That said, we're working on a java version of libotr, so this will > hopefully be possible soon. > > > Would this be difficult to port? Another thought was having otr use > > gpg keys. Authentication could be set up without otr by signing public > > keys. Thanks. > > Lots of people suggest that, but don't take into account that there's no > standard way to indicate your IM username and network in your gpg > userid, so manual intervention would still be required. > > ? - Ian > _______________________________________________ > OTR-users mailing list > OTR-users at lists.cypherpunks.ca > http://lists.cypherpunks.ca/mailman/listinfo/otr-users What is the website for that Java port of Libpurple? Can I svn checkout the code? How's the progress going? I'm really interested in that project. -- Christopher Lemire Ubuntu 64 bit Linux Raid Level 0 From ian at cypherpunks.ca Thu Jul 16 11:40:04 2009 From: ian at cypherpunks.ca (Ian Goldberg) Date: Thu, 16 Jul 2009 11:40:04 -0400 Subject: [OTR-users] History Encryption In-Reply-To: <78ce815d0907151646t4fb9b93eje36e645d415f7ba@mail.gmail.com> References: <4A5E05D0.2040705@fenrir.org.uk> <4A5E13DE.7050301@fenrir.org.uk> <4A5E53DC.2050009@gmx.at> <78ce815d0907151646t4fb9b93eje36e645d415f7ba@mail.gmail.com> Message-ID: <20090716154004.GB7526@thunk.cs.uwaterloo.ca> On Wed, Jul 15, 2009 at 07:46:55PM -0400, Jean-Baptiste Zeller wrote: > Not to forget that nowadays snooping on keyboard wirelessly (like from > the next hotel room) seems to be a piece of cake according to the > latest research :). Indeed, that was a cool demo. If an adversary is physically attacking your endpoint *while you're typing your messages*, you're probably toast. But OTR does protect you from an adversary attacking the network (in real time), or your endpoint (after the fact), which is pretty much all one could expect. - Ian From ian at cypherpunks.ca Thu Jul 16 13:16:20 2009 From: ian at cypherpunks.ca (Ian Goldberg) Date: Thu, 16 Jul 2009 13:16:20 -0400 Subject: [OTR-users] Otr for blackberry In-Reply-To: References: <1583232617-1245498747-cardhu_decombobulator_blackberry.rim.net-515792925-@bxe1309.bisx.prod.on.blackberry> <20090620133421.GQ6925@yoink.cs.uwaterloo.ca> Message-ID: <20090716171620.GE7526@thunk.cs.uwaterloo.ca> On Thu, Jul 16, 2009 at 02:32:35AM -0500, Christopher Lemire wrote: > What is the website for that Java port of Libpurple? Can I svn > checkout the code? How's the progress going? I'm really interested in > that project. We're working on a Java version of libotr, not a Java version of libpurple. We should have something online pretty soon, actually. - Ian From mansourmoufid at gmail.com Thu Jul 16 14:04:12 2009 From: mansourmoufid at gmail.com (Mansour Moufid) Date: Thu, 16 Jul 2009 14:04:12 -0400 Subject: [OTR-users] Otr for blackberry In-Reply-To: <20090716171620.GE7526@thunk.cs.uwaterloo.ca> References: <1583232617-1245498747-cardhu_decombobulator_blackberry.rim.net-515792925-@bxe1309.bisx.prod.on.blackberry> <20090620133421.GQ6925@yoink.cs.uwaterloo.ca> <20090716171620.GE7526@thunk.cs.uwaterloo.ca> Message-ID: <44a1f4d20907161104r5697c308h24ac540e21c59790@mail.gmail.com> On Thu, Jul 16, 2009 at 1:16 PM, Ian Goldberg wrote: > We're working on a Java version of libotr, not a Java version of > libpurple. ?We should have something online pretty soon, actually. This discussion got me thinking about other platforms. Once libotr is ported to Java, it should be possible to come up with an Android front-end for it. *Text messages* could be sent using OTR, transparently to the user. Perhaps key generation could be done automatically in the background at first start-up, and the interface for adding/transferring contacts would take care of authentication. Of course, this means the sender would no longer have plausible deniability, but it would still protect both parties in case of a stolen or lost phone, with confidentiality and forward secrecy. -- Mansour Moufid http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x95BBC25F From ian at cypherpunks.ca Thu Jul 16 15:28:30 2009 From: ian at cypherpunks.ca (Ian Goldberg) Date: Thu, 16 Jul 2009 15:28:30 -0400 Subject: [OTR-users] Otr for blackberry In-Reply-To: <44a1f4d20907161104r5697c308h24ac540e21c59790@mail.gmail.com> References: <1583232617-1245498747-cardhu_decombobulator_blackberry.rim.net-515792925-@bxe1309.bisx.prod.on.blackberry> <20090620133421.GQ6925@yoink.cs.uwaterloo.ca> <20090716171620.GE7526@thunk.cs.uwaterloo.ca> <44a1f4d20907161104r5697c308h24ac540e21c59790@mail.gmail.com> Message-ID: <20090716192830.GK7526@thunk.cs.uwaterloo.ca> On Thu, Jul 16, 2009 at 02:04:12PM -0400, Mansour Moufid wrote: > On Thu, Jul 16, 2009 at 1:16 PM, Ian Goldberg wrote: > > We're working on a Java version of libotr, not a Java version of > > libpurple. ?We should have something online pretty soon, actually. > > This discussion got me thinking about other platforms. > > Once libotr is ported to Java, it should be possible to come up with > an Android front-end for it. *Text messages* could be sent using OTR, > transparently to the user. Yup, among other applications. ;-) - Ian From crashnet at hotmail.com Fri Jul 17 04:49:28 2009 From: crashnet at hotmail.com (Tim Clark) Date: Fri, 17 Jul 2009 08:49:28 +0000 Subject: [OTR-users] History Encryption In-Reply-To: <4A5E53DC.2050009@gmx.at> References: <4A5E05D0.2040705@fenrir.org.uk> <4A5E13DE.7050301@fenrir.org.uk> <4A5E53DC.2050009@gmx.at> Message-ID: > Not quite. That's what hardware keyloggers are for. > To further improve security you can use a notebook with TPM and secure > your bootloader and BIOS with it. > Never let your notebook out of sight and do not use an external keyboard. i remember reading something that TPM could be defeated by applying freezing spray on the TPM chip? Tim -------------- next part -------------- An HTML attachment was scrubbed... URL: From gilles at gravier.org Fri Jul 17 05:07:42 2009 From: gilles at gravier.org (Gilles Gravier) Date: Fri, 17 Jul 2009 11:07:42 +0200 Subject: [OTR-users] History Encryption In-Reply-To: References: <4A5E05D0.2040705@fenrir.org.uk> <4A5E13DE.7050301@fenrir.org.uk> <4A5E53DC.2050009@gmx.at> Message-ID: <91d4233c0907170207p63a93e1ap4a56648150241590@mail.gmail.com> Depends on the TPM. They're supposed to be able to detect violent environmental changes and react if they consider that an attack. On 7/17/09, Tim Clark wrote: > >> Not quite. That's what hardware keyloggers are for. >> To further improve security you can use a notebook with TPM and secure >> your bootloader and BIOS with it. >> Never let your notebook out of sight and do not use an external keyboard. > > i remember reading something that TPM could be defeated by applying freezing > spray on the TPM chip? > > Tim > -- Sent from my mobile device Gilles Gravier - Gilles at Gravier.org Using Google Apps web mail From eyv at cs.umn.edu Fri Jul 17 22:41:51 2009 From: eyv at cs.umn.edu (Eugene Y. Vasserman) Date: Fri, 17 Jul 2009 21:41:51 -0500 Subject: [OTR-users] OTR-users Digest, Vol 13, Issue 4 In-Reply-To: References: Message-ID: <4A61366F.2010202@cs.umn.edu> I have it on good authority that the TPM was never meant to protect from hardware attack similar to the type you describe, such as freezing and then de-packaging the chip. In fact, if you wanted to get at the "private" communication between the TPM and the processor, all you have to do is attach a probe to the system bus. Probing the bus does not get you TPM keys, but it *does* give you access to decrypted content. Does anyone know for a fact if I'm wrong? Eugene > Depends on the TPM. They're supposed to be able to detect violent > environmental changes and react if they consider that an attack. > > On 7/17/09, Tim Clark wrote: >> > >>> >> Not quite. That's what hardware keyloggers are for. >>> >> To further improve security you can use a notebook with TPM and secure >>> >> your bootloader and BIOS with it. >>> >> Never let your notebook out of sight and do not use an external keyboard. >> > >> > i remember reading something that TPM could be defeated by applying freezing >> > spray on the TPM chip? >> > >> > Tim From esurnir at gmail.com Mon Jul 20 14:45:17 2009 From: esurnir at gmail.com (Jean-Baptiste Zeller) Date: Mon, 20 Jul 2009 14:45:17 -0400 Subject: [OTR-users] Otr for blackberry In-Reply-To: <20090716192830.GK7526@thunk.cs.uwaterloo.ca> References: <1583232617-1245498747-cardhu_decombobulator_blackberry.rim.net-515792925-@bxe1309.bisx.prod.on.blackberry> <20090620133421.GQ6925@yoink.cs.uwaterloo.ca> <20090716171620.GE7526@thunk.cs.uwaterloo.ca> <44a1f4d20907161104r5697c308h24ac540e21c59790@mail.gmail.com> <20090716192830.GK7526@thunk.cs.uwaterloo.ca> Message-ID: <78ce815d0907201145y5a8aa33ax773dbc4fffd1fa9@mail.gmail.com> On Thu, Jul 16, 2009 at 3:28 PM, Ian Goldberg wrote: > On Thu, Jul 16, 2009 at 02:04:12PM -0400, Mansour Moufid wrote: >> On Thu, Jul 16, 2009 at 1:16 PM, Ian Goldberg wrote: >> > We're working on a Java version of libotr, not a Java version of >> > libpurple. ?We should have something online pretty soon, actually. >> >> This discussion got me thinking about other platforms. >> >> Once libotr is ported to Java, it should be possible to come up with >> an Android front-end for it. *Text messages* could be sent using OTR, >> transparently to the user. > > Yup, among other applications. ?;-) > > ? - Ian > _______________________________________________ > OTR-users mailing list > OTR-users at lists.cypherpunks.ca > http://lists.cypherpunks.ca/mailman/listinfo/otr-users > I think there is a good change the phone bill will becomes heavy though... with SMS containing the DH exchange. But well there are unlimited text plan running around, it should be put in bold letter "get an unlimited text plan or you'll regret it". -- Jean-Baptiste Zeller From js-otrim at webkeks.org Wed Jul 22 18:56:03 2009 From: js-otrim at webkeks.org (Jonathan Schleifer) Date: Thu, 23 Jul 2009 00:56:03 +0200 Subject: [OTR-users] [OTR-dev] Reccomended version of libgcrypt? Libotr status messages. In-Reply-To: <20090722200203.GC31892@thunk.cs.uwaterloo.ca> References: <20090722084050.DB4F1B8044@smtp.hushmail.com> <20090722122153.GB29739@thunk.cs.uwaterloo.ca> <20090722160714.0462301c@webkeks.org> <20090722200203.GC31892@thunk.cs.uwaterloo.ca> Message-ID: Am 22.07.2009 um 22:02 schrieb Ian Goldberg: > I'd actually love to get your feedback on whether what's in CVS now > would work for you. Putting it on my TODO. >> One question though: Would it be possible to encrypt whole stanzas >> maybe in a way that is still compatible with transports? For example >> you encrypt the body in a way that is backwards-compatible and then >> you >> encrypt additional tags that can be attached to a message (like >> XHTML-IM) separately, which are then only handled if the client on >> the >> other side is a Jabber client. In XMPP, a message is more than just a text message. I will demonstrate with a few stanzas: This is a message. This is just a plain message that you can also send in for example ICQ. It's just text. But you can also have stuff like this: This is a message. This is an additional element with extra info This extra info can be almost anything. It can be the same message again in XHTML with formatting. It can be additional info like a mood attached to the message. There is an endless count of XEPs (XMPP Extension Protocols) that does this. But there is also this type of message: This message has no actual message, only extra info The idea is: Send type 1 like you would send a message to an ICQ user. Type 2 would be a bit more complicated: Take the element and encrypt it like you would for an ICQ user. Take the other tags and encrypt them and send them as additional info, so ICQ clients would ignore it and only XMPP clients would handle it. For type 3, it would be like for type 2, but you send an empty message, which should be completely ignored by ICQ etc. Hope I clarified what I meant a little bit :). -- Jonathan -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 801 bytes Desc: Signierter Teil der Nachricht URL: From chris-tuchs at hushmail.com Sat Jul 25 21:20:20 2009 From: chris-tuchs at hushmail.com (chris-tuchs at hushmail.com) Date: Sat, 25 Jul 2009 18:20:20 -0700 Subject: [OTR-users] GreenLife Emerald Viewer, a second life client, supports OTR Message-ID: <20090726012020.AC15DB0048@smtp.hushmail.com> You can use OTR in Second Life now with the GreenLife Emerald Viewer. Source and binaries are available for Linux, Mac, and Microsoft windows at http://modularsystems.sl/ Chris