[OTR-users] Re: [OTR-announce] gaim-otr-0.9.9rc1 online
Paul Wouters
paul at cypherpunks.ca
Wed Dec 8 20:30:45 EST 2004
On Wed, 8 Dec 2004, Ian Goldberg wrote:
> Paul's kindly donated a mirror site:
>
> http://www.xelerance.com/mirror/otr/
Two infact, ftp://ftp.openswan.org/mirror/otr/ as well.
(two different servers, two different protocols, same bandwidth though :)
> With luck, even if we eventually get /.ed, it'll hold up better than my
> 1M ADSL line at home. ;-)
Not "if", "when" :)
I have 3 out of 7 submissions approved. they keep refusing to link to my
spam stats every year I suggest to them :) Other then that, my stuff gets
approved :)
> - Changed the "Private connection with (username) refreshed" dialog at
> Paul's request so that it's no longer in "scary" "evil" bold, and
> rephrased it so it's less likely to be misread as "refused" instead of
> "refreshed". ;-)
I know. I am getting old. My pathways are becoming really deep :)
> - We now send heartbeats (OTR Data Messages with an empty message part)
> once a minute, to anyone we're confident is still online. If both
> sides are doing this, then keys get rotated regularly, even if one
> or both sides aren't actively typing. This aids perfect forward
> secrecy.
Why would you need to rotate the key if you do not send messages? Isn't
this just protecting against the last message being able to be read by one
compromised computer, assuming gaim is still running and a memory dump is
made? Or is this happening when one user sends plenty of messages and the
other doesn't send anything back?
I don't understand why the heartbeat is needed.
Oh, and you should set the reply-to: in mailman of the otr-announce list
to otr-users. And make sure listmembers cannot see the list of members
in mailman for all three lists.
Paul
--
Math is case-sensitive
--- Ian Goldberg
More information about the OTR-users
mailing list