[OTR-users] OTR for audio/speech
Peter Saint-Andre
stpeter at stpeter.im
Thu Apr 19 16:48:20 EDT 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 4/19/12 2:39 PM, Greg Reagle wrote:
> On Thu, Apr 19, 2012, at 02:28 PM, Peter Saint-Andre wrote:
>> However, to be fully secure you'd need to make sure that the
>> signalling path is also encrypted. Unfortunately, right now OTR
>> does not support encryption of the complete XMPP "stanza"
>> (packet) used for negotiation of the media session. I am hoping
>> that folks who care about this enough can work with the OTR team
>> to build full-stanza encryption into a future version of OTR.
>
> Thanks Peter. Does this lack of full stanza encryption affect all
> OTR use (including instant messaging), or just OTR use for
> audio/video?
If all you do is send unformatted messages, then OTR is fine. If you
do things like send an HTML-formatted message in addition to the plain
text (see <http://xmpp.org/extensions/xep-0071.html>) then that added
information might not be encrypted. That's true for a message subject
<http://tools.ietf.org/html/rfc6121#section-5.2.4> too and any
anything other than what in Jabber/XMPP is the <body/> element of the
<message/> "stanza". Because XMPP is extensible, the fact that OTR
encrypts only that <body/> element has worried us Jabberites for a
while and has led XMPP developers to keep inventing new approaches to
end-to-end encryption, none of which has really taken off. :(
Peter
- --
Peter Saint-Andre
https://stpeter.im/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk+QehQACgkQNL8k5A2w/vwpowCg6b5n61ann877NdOp/P9VzdTM
kFgAn3QHHLO6qh87yXT9EPQ3L325+cCr
=CLxn
-----END PGP SIGNATURE-----
More information about the OTR-users
mailing list