[OTR-dev] Fwd: EMPP - What can XMPP benefit from the new Echo Chat Protocol?

Ian Goldberg ian at cypherpunks.ca
Sat Jul 27 17:12:21 EDT 2013


I don't see a protocol spec anywhere on the goldbug.sf.net page, so I
really have no idea what it's even trying to do.

    What technology do you use?

    The technology is most modern, next to libgcrypt and a the pgp
    method over SSL with optional AES end to end encryption the whole
    client is using a new protocol, the Echo. 

This makes me believe authentication is public-key, which is a big red
flag, if it's done per-message.  Mixing Goldbug with OTR in that event
could destroy OTR's deniability properties.

The major win of OTR is that it works *with your existing IM network*.
You don't have to get all your friends to switch IM networks, and you
may not even have to switch IM clients (as a number of clients support
OTR out-of-the-box, and I've certainly had OTR chats with people who had
no idea what OTR was).  It also interoperates between all the different
clients (and even between IM networks in the presence of a bridge).

All that said, you asked for an API for OTR, and one already exists:
libotr 4.x (in C) is available, and people have written their own OTR
libraries in Python, Scheme, Java, Javascript, and Go.  See
http://otr.cypherpunks.ca/software.php

   - Ian



More information about the OTR-dev mailing list