[OTR-dev] Fwd: EMPP - What can XMPP benefit from the new Echo Chat Protocol?

Peter Saint-Andre stpeter at stpeter.im
Sun Jul 28 11:00:57 EDT 2013

Hash: SHA1


A: Because it messes up the order in which people normally read text.

Q: Why is top-posting so bad?

A: Top-posting.

Q: What is the most annoying behavior on email discussion lists?

On 7/28/13 8:47 AM, Randolph D. wrote:
> Hi Ian, as normal tester of the release I am not able to provide
> you with a documentation of the protocol. there seems to be much
> Information and comments in the code.

Dear "Randolph D.",

Right now I would say that you are wasting the time of people on this
discussion list, who are very busy (and therefore don't have time to
read through the code comments of some random SourceForge project) and
also very knowledgeable (and therefore know a lot more about security
technologies than you do). Thus the conversation here is not very
productive. If you could convince the developer of this "Goldbug"
software to engage in discussion here, perhaps we would make more

> Well, think to send the Echo over OTR is a quite good initiative:
> Adding the libspoton kernel to OTR has the following pro's: - it
> adds another encryption layer to OTR

Not if the other encryption layer is compromised, reveals too much
information, enables side channels or man in the middle attacks, etc.

Encryption != security (ask anyone who has clicked "accept
certificate" during a leap of faith and ended up connecting to the
wrong server!).

> - it offers a unique GUI api to every OTR - Strategey: OTR becomes
> not a encryption Service, but a Messenger itself: you can still
> send the Message from Google-to-Google user line, but with the
> OTR-KERNEL Hybridity, you also can use any other line like AOL -
> AOL or OTR to OTR. All Messenger protocols and accounts will become
> just an IP address, not a Login for a dedicated account or line.
> That means this hybrid tool would override all IM-Networks/Accounts
> and dedicated surveillance for these accounts and lines, as the
> message can "travel" several connections. inside AOL to AOL , but
> also any other connection.

I have to say, much of what you have written in this thread is very
hard to understand. It's full of buzzwords, but no real technical
details. The same is true for the Goldbug website.

I really do appreciate your enthusiasm, but enthusiasm does not
necessarily lead to secure systems.

> 2013/7/28 Ian Goldberg <ian at cypherpunks.ca
> <mailto:ian at cypherpunks.ca>>

Oh, and am I not the only one who has noticed that "Goldbug" might be
a play on Ian's family name?


- -- 
Peter Saint-Andre

Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/


More information about the OTR-dev mailing list