[OTR-dev] Adding dnssec/dane to OTR enabled clients

Paul Wouters paul at cypherpunks.ca
Mon Nov 19 20:55:12 EST 2012


On Mon, 19 Nov 2012, Jurre van Bergen wrote:

> I just came across the following link:
> https://www.internetsociety.org/deploy360/blog/2012/11/got-a-dnssec-project-that-needs-funding-apply-to-nlnet-foundation-before-dec-1/
>
> Apparantly NLnet has some money left over, might be nice to apply if you
> are knowledgeable of dnssec/dane and would like to add it to Adium,
> Pidgin and perhaps others? Would be a nice addition imo!

It's really two projects,

1) DNSSEC / DANE support for the TLS certificates of the IM servers
2) OTRFP support

1) would be nice, although in theory, if the underlying crypto library
supports DNSSEC/DANE, then pidgin/adium does not need specific support
for it (and a project to get DANE in openssl is underway, and the gnutls
people are working on it too, just for nss I'm not sure what the plans
are)

2) is a short RFC, and not too much code, but it requires we first write
up OTR as an RFC, which is a much bigger task but Peter and I wanted to
get that started for some time now.

Paul



More information about the OTR-dev mailing list