[OTR-dev] Fwd: EMPP - What can XMPP benefit from the new Echo Chat Protocol?

Sun Jul 28 11:00:57 EDT 2013

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

:)

A: Because it messes up the order in which people normally read text.

Q: Why is top-posting so bad?

A: Top-posting.

Q: What is the most annoying behavior on email discussion lists?

On 7/28/13 8:47 AM, Randolph D. wrote:
> Hi Ian, as normal tester of the release I am not able to provide
> you with a documentation of the protocol. there seems to be much
> Information and comments in the code.

Dear "Randolph D.",

Right now I would say that you are wasting the time of people on this
discussion list, who are very busy (and therefore don't have time to
read through the code comments of some random SourceForge project) and
also very knowledgeable (and therefore know a lot more about security
technologies than you do). Thus the conversation here is not very
productive. If you could convince the developer of this "Goldbug"
software to engage in discussion here, perhaps we would make more
progress.

> Well, think to send the Echo over OTR is a quite good initiative:
> Adding the libspoton kernel to OTR has the following pro's: - it
> adds another encryption layer to OTR

Not if the other encryption layer is compromised, reveals too much
information, enables side channels or man in the middle attacks, etc.

Encryption != security (ask anyone who has clicked "accept
certificate" during a leap of faith and ended up connecting to the
wrong server!).

> - it offers a unique GUI api to every OTR - Strategey: OTR becomes
> not a encryption Service, but a Messenger itself: you can still
> send the Message from Google-to-Google user line, but with the
> OTR-KERNEL Hybridity, you also can use any other line like AOL -
> AOL or OTR to OTR. All Messenger protocols and accounts will become
> just an IP address, not a Login for a dedicated account or line.
> That means this hybrid tool would override all IM-Networks/Accounts
> and dedicated surveillance for these accounts and lines, as the
> message can "travel" several connections. inside AOL to AOL , but
> also any other connection.

I have to say, much of what you have written in this thread is very
hard to understand. It's full of buzzwords, but no real technical
details. The same is true for the Goldbug website.

I really do appreciate your enthusiasm, but enthusiasm does not
necessarily lead to secure systems.

> 2013/7/28 Ian Goldberg <ian at cypherpunks.ca
> <mailto:ian at cypherpunks.ca>>

Oh, and am I not the only one who has noticed that "Goldbug" might be
a play on Ian's family name?

Peter

- -- 
Peter Saint-Andre
https://stpeter.im/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJR9TIoAAoJEOoGpJErxa2p1JUP/1/dxs9DHJDKNmr+46zZeOua
PXaUkSH2Hc+TCT8XPGli7/3wnGa6znl/3K3m4G6sbeqxFDC1cwpANFffv7jozg3A
Zr+UL6z35R9sjgm20bqTuspKMx3cMNoCTiF2SlpcJ/9xLhNs5Ennpfml2V0tD3Xj
9JvnAcDA9ka7CNE2+gL36QO4I3NBYyezrp24g4xxYwy/plNoNBozwDs0TSvTe7a+
dxpV5WIPEpqxDedm6k8LMEu/OiaWYs3pjiFFfCGgsyKOuCWcxHoCoiPfOwEieKI0
V9Ea1kZq9hLcIe+PZNAdIySlZytVunTZ7XOvh5ux2vyF/P/yB09ZUq45oYIdd+cI
/VGqetfjVz9xwDhpQ280dIUXHH/UtR14s3aKg9ds7aYoYFE/qejR6jEkk7l5kp5/
wqMWxRbC9Q2eNgMDlIgTNaA4jQO3Q3ptF079WRp3pvF2kI9SSFFpCa2xUhZwPkuL
1wdwF+Q1KAvdhXtcFmoa7VW2Z9LX9ij4ByYQ2RfpFOU2Gerh5IqYBO6Yu0q8oYyK
WYHNXkU1WY/J/iKeEA/c0/IQdKbcd0kTSIBQjEQRZ0B4sw0r/Q9KLc7s8Nr+GtLy
a1WRXNV7aRHCg5L+cMBc+K44JDrm/zOBY3CWq/k1TVApN+A7pOvG2D59EWEB4E/D
tTGPyc5zvzDUSP6ploVi
=xRj/
-----END PGP SIGNATURE-----