[OTR-dev] Re: [Gaim-devel] gaim-OTR, AIM DirectIM, and messaging signals

Ethan Blanton eblanton at cs.ohiou.edu
Mon Feb 20 12:11:48 EST 2006


Evan Schoenberg spake unto us the following wisdom:
> On Feb 20, 2006, at 1:04 AM, Mark Doliner wrote:
> >That would be kind of a pain, but if you really want to fix it I 
> >guess that's the only way to do it.  Personally I'd rather see us
> >implement AIM's built-in encryption capabilities.  That wouldn't solve
> >the problem, but it would hopefully make it less of an issue?
> 
> Eh, from what I've heard, AIM's built-in encryption is nothing to  
> write home about nor possibly even to write gaim-devl about.  IANAC,  
> though.  Either way, even if we implement AIM's solution, that  
> doesn't mean that (a) people won't still want to use the less- 
> configuration, documented-protocol, etc. OTR solution, (b) other,  
> similar solutions won't come up in the future, and (c) Sametime and  
> any other prpl that needs pre/post prpl-level message processing will  
> be fixed.

It's interesting that you say it's nothing to write home about ...
what have you heard?  My understanding is that it uses AOL-signed
SSL-style certificates for authentication, although I don't know what
it does for encryption past that and it's certainly possible that they
did something stupid in their algorithms.  Assuming that they do *any*
sort of identity checking at all before issuing the certificate, it's
at least equivalent to almost everything else out there (and
practically better, since most people don't verify their keys at
*all*, but that's not a technical point), and even if they don't but
they register certificates to screen names, it's worth *something*.

Ethan

-- 
The laws that forbid the carrying of arms are laws [that have no remedy
for evils].  They disarm only those who are neither inclined nor
determined to commit crimes.
		-- Cesare Beccaria, "On Crimes and Punishments", 1764
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.cypherpunks.ca/pipermail/otr-dev/attachments/20060220/19c6115e/attachment.pgp>


More information about the OTR-dev mailing list