From otr-users at lists.cypherpunks.ca  Wed May 12 12:49:16 2010
From: otr-users at lists.cypherpunks.ca (Of1c1alS1teV1AGRA)
Date: Wed, 12 May 2010 08:49:16 -0800
Subject: [OTR-users] May online 1127858
Message-ID: <20100512004916.4009.qmail@ABTS-KK-dynamic-227.43.172.122.airtelbroadband.in>

An HTML attachment was scrubbed...
URL: <http://lists.cypherpunks.ca/pipermail/otr-users/attachments/20100512/e3ac305e/attachment.html>

From otr-users at bobpaul.org  Fri May 21 14:28:38 2010
From: otr-users at bobpaul.org (Paul)
Date: Fri, 21 May 2010 13:28:38 -0500
Subject: [OTR-users] Managing multiple signins
Message-ID: <AANLkTinyh-WQPftDYgwANP97pUdqQVXbpIXCdxcX9RWO@mail.gmail.com>

I have a contact who remains signed into his GMail chat account in multiple
locations. I've gotten him to configure the "Resource" value so I can easily
tell which signin is work, him home, his phone, etc.

The problem I'm experiencing is if he's been idle for a long time and I try
to message him, OTR attempts to start a private conversation with first his
desktop and then his laptop. When he responds from his work location, I can
stop the private conversation, restart it and it will successfully connect
to his work machine.

I only ever IM him at work. Is there a way to force my OTR to attempt "
USER at gmail.com/Work" first? Or maybe a way to manually select which I want
to try?

Or what is the recommended way to deal with this sort of situation? I'm
pretty sure he gets garbage on his work IM whenever I initiate a
conversation, since OTR secures with one of his other computers until I stop
and re-start it.

--Paul
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cypherpunks.ca/pipermail/otr-users/attachments/20100521/520b3811/attachment.html>

From dap56 at cornell.edu  Fri May 21 14:35:52 2010
From: dap56 at cornell.edu (Daniel Perelman)
Date: Fri, 21 May 2010 14:35:52 -0400
Subject: [OTR-users] Managing multiple signins
In-Reply-To: <AANLkTinyh-WQPftDYgwANP97pUdqQVXbpIXCdxcX9RWO@mail.gmail.com>
References: <AANLkTinyh-WQPftDYgwANP97pUdqQVXbpIXCdxcX9RWO@mail.gmail.com>
Message-ID: <AANLkTincyksIliaQlG-mgCgaT3igPJwKLLUODmlQAZOj@mail.gmail.com>

There was a post a few months ago about a new version of the protocol
which, among other things, would fix that problem (it is even worse
with AIM because AIM doesn't have an equivalent of resources or
tracking which computers are part of a conversation). I am not sure
what happened to that. I assume the devs have been busy with other
things and it will materialize eventually.

A quick work around is to say "hi" and get the other person to say
"hi" back (i.e. both people say something indicating they are there
which has no real content so it does not need to be encrypted). On
XMPP (including GTalk) this lets the server know which two computers
the conversation is between and it will not send the messages to the
other computers the participants are logged in from. Note that that
gets reset when you go from available to away, so you might have to
re-initiate the OTR conversation if one person goes away but continues
to be in the conversation.

Also, I think you can just tell Pidgin to send an IM to
user at gmail.com/Work, but note that GTalk puts the random hex string in
the resources so you would have to check what the actual resource was.

  - Daniel

On Fri, May 21, 2010 at 14:28, Paul <otr-users at bobpaul.org> wrote:
> I have a contact who remains signed into his GMail chat account in multiple
> locations.?I've gotten him to configure the "Resource" value so I can easily
> tell which signin is work, him home, his phone, etc.
> The problem I'm experiencing is if he's been idle for a long time and I try
> to message him, OTR attempts to start a private conversation with first his
> desktop and then his laptop. When he responds from his work location, I can
> stop the private conversation, restart it and it will?successfully?connect
> to his work machine.
> I only ever IM him at work. Is there a way to force my OTR to attempt
> "USER at gmail.com/Work" first? Or maybe a way to manually select which I want
> to try?
> Or what is the recommended way to deal with this sort of situation? I'm
> pretty sure he gets garbage on his work IM whenever I initiate a
> conversation, since OTR secures with one of his other computers until I stop
> and re-start it.
> --Paul
> _______________________________________________
> OTR-users mailing list
> OTR-users at lists.cypherpunks.ca
> http://lists.cypherpunks.ca/mailman/listinfo/otr-users
>
>


From nieves at inbox.com  Wed May 26 02:26:03 2010
From: nieves at inbox.com (Steve Nieves)
Date: Tue, 25 May 2010 23:26:03 -0700
Subject: [OTR-users] OTR for android mobiles
Message-ID: <4BFCBEFB.8000402@inbox.com>

I just came across this site which claims to have implemented OTR (or
something similar?) in a product called TextSecure for SMS messaging on
android mobile phones:
http://www.whispersys.com/support.html

____________________________________________________________
Publish your photos in seconds for FREE
TRY IM TOOLPACK at http://www.imtoolpack.com/default.aspx?rc=if4


From adg at crypto.lo.gy  Wed May 26 03:07:31 2010
From: adg at crypto.lo.gy (Alfonso De Gregorio)
Date: Wed, 26 May 2010 09:07:31 +0200
Subject: [OTR-users] OTR for android mobiles
In-Reply-To: <4BFCBEFB.8000402@inbox.com>
References: <4BFCBEFB.8000402@inbox.com>
Message-ID: <AANLkTimaEU4e9rvU9himoX8bT4WIJpZecC8fxbLkY67E@mail.gmail.com>

On Wed, May 26, 2010 at 8:26 AM, Steve Nieves <nieves at inbox.com> wrote:
> I just came across this site which claims to have implemented OTR (or
> something similar?) in a product called TextSecure for SMS messaging on
> android mobile phones:
> http://www.whispersys.com/support.html

Thanks Steve!

Here is the Forbes' take on Whisper Systems: Android App Aims to Allow
Wiretap-Proof Cell Phone Calls
http://blogs.forbes.com/firewall/2010/05/25/android-app-aims-to-allow-wiretap-proof-cell-phone-calls/

How many companies are using OTR, or building upon OTR, in their
products to date?

Cheers,

-- 
  Alfonso De Gregorio,  http://Crypto.lo.gy/


From mansourmoufid at gmail.com  Wed May 26 13:58:29 2010
From: mansourmoufid at gmail.com (Mansour Moufid)
Date: Wed, 26 May 2010 13:58:29 -0400
Subject: [OTR-users] OTR for android mobiles
In-Reply-To: <AANLkTimaEU4e9rvU9himoX8bT4WIJpZecC8fxbLkY67E@mail.gmail.com>
References: <4BFCBEFB.8000402@inbox.com>
	<AANLkTimaEU4e9rvU9himoX8bT4WIJpZecC8fxbLkY67E@mail.gmail.com>
Message-ID: <AANLkTik8-usFmZkM-jSAnBLlMPCHUV1KzDQ_YkEakv-R@mail.gmail.com>

On Wed, May 26, 2010 at 3:07 AM, Alfonso De Gregorio <adg at crypto.lo.gy> wrote:
> Here is the Forbes' take on Whisper Systems: Android App Aims to Allow
> Wiretap-Proof Cell Phone Calls
> http://blogs.forbes.com/firewall/2010/05/25/android-app-aims-to-allow-wiretap-proof-cell-phone-calls/

TextSecure sounds very interesting! Especially since Whisper Systems
plan on making it open source soon. Apparently they implemented a
version of OTR that uses ECC keys:
<http://www.whispersys.com/support.html#6>

> How many companies are using OTR, or building upon OTR, in their
> products to date?

You may already be aware of BEEM, which has implemented OTR for XMPP
using the otr4j library:
<http://www.beem-project.com/issues/239>

The Guardian Project's Twitter feed (@guardianproject) points to a few
other interesting projects.

-- 
Mansour Moufid


From marti at juffo.org  Sat May 29 12:16:55 2010
From: marti at juffo.org (Marti Raudsepp)
Date: Sat, 29 May 2010 19:16:55 +0300
Subject: [OTR-users] OTR for android mobiles
In-Reply-To: <AANLkTik8-usFmZkM-jSAnBLlMPCHUV1KzDQ_YkEakv-R@mail.gmail.com>
References: <4BFCBEFB.8000402@inbox.com>
	<AANLkTimaEU4e9rvU9himoX8bT4WIJpZecC8fxbLkY67E@mail.gmail.com> 
	<AANLkTik8-usFmZkM-jSAnBLlMPCHUV1KzDQ_YkEakv-R@mail.gmail.com>
Message-ID: <AANLkTinWrUco0JbfMTKB-hhobC86Z-xQhTG6634K9LET@mail.gmail.com>

On Wed, May 26, 2010 at 8:58 PM, Mansour Moufid <mansourmoufid at gmail.com> wrote:
> TextSecure sounds very interesting! Especially since Whisper Systems
> plan on making it open source soon.

According to their FAQ it seems that they're only intending to release
it as "viewable source", not actually open source.

Regards,
Marti


From perrin at apotheon.com  Sat May 29 11:55:13 2010
From: perrin at apotheon.com (Chad Perrin)
Date: Sat, 29 May 2010 09:55:13 -0600
Subject: [OTR-users] OTR for android mobiles
In-Reply-To: <AANLkTinWrUco0JbfMTKB-hhobC86Z-xQhTG6634K9LET@mail.gmail.com>
References: <4BFCBEFB.8000402@inbox.com>
	<AANLkTimaEU4e9rvU9himoX8bT4WIJpZecC8fxbLkY67E@mail.gmail.com>
	<AANLkTik8-usFmZkM-jSAnBLlMPCHUV1KzDQ_YkEakv-R@mail.gmail.com>
	<AANLkTinWrUco0JbfMTKB-hhobC86Z-xQhTG6634K9LET@mail.gmail.com>
Message-ID: <20100529155513.GA87292@guilt.hydra>

On Sat, May 29, 2010 at 07:16:55PM +0300, Marti Raudsepp wrote:
> On Wed, May 26, 2010 at 8:58 PM, Mansour Moufid <mansourmoufid at gmail.com> wrote:
> > TextSecure sounds very interesting! Especially since Whisper Systems
> > plan on making it open source soon.
> 
> According to their FAQ it seems that they're only intending to release
> it as "viewable source", not actually open source.

I talked to Moxie in #whispersystems today.  He is *not* intending to
release either RedPhone or TextSecure under the terms of an open source
license.  He only means to make it available under the terms of a license
that allows *auditing* the source code.  I find that pretty
disappointing, but it's better (for security purposes) than just keeping
the source code entirely under wraps (as long as you trust him to use the
source you can actually audit in his distributed applications).

-- 
Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
URL: <http://lists.cypherpunks.ca/pipermail/otr-users/attachments/20100529/600d30a6/attachment.pgp>