[OTR-users] some questions

[readytogo2]

Ian Goldberg schrieb:
> On Fri, Dec 29, 2006 at 03:28:20PM +0100, readytogo2 wrote:
>>>> The Miranda plugin isn't by the same developers as the library, gaim
>>>> plugin, and the proxy.  I personally have no opinion about that code,
>>>> since I don't even have a way to try it out.
>> Well, if you don`t want to try it out it`s ok. But I am sure you *can*
>> try it. I am everything else but a *nix expert, but I could run miranda
>> under wine (ubuntu).
> 
> Fair enough.  But of course, just trying it out won't tell you anything
> about what's going on under the hood.
True, but if there is no offical statement from otr developers yet it`s
therefore not suggestable right now?

>>>>>> 2.
>>>>>> Will you add deniability or perfect forward secrecy to the gaim plugin
>>>>>> in the future?
>>>> ?? The gaim plugin has had those features since day 1.  Or am I
>>>> misunderstanding your question?
>> >From otr page faq: "
>> How is this different from the gaim-encryption plugin?
>> The gaim-encryption plugin provides encryption and authentication, but
>> not deniability or perfect forward secrecy. If an attacker or a virus
>> gets access to your machine, all of your past gaim-encryption
>> conversations are retroactively compromised. Further, since all of the
>> messages are digitally signed, there is difficult-to-deny proof that you
>> said what you did: not what we want for a supposedly private conversation!"
>>
>> That`s why I asked if you are going to add this feature in the future.
> 
> Huh?  We didn't write the gaim-encryption plugin; that's a totally
> separate piece of software.  This FAQ entry is just *comparing* the
> features of gaim-otr to those of gaim-encryption.  gaim-otr has all of
> the features of otr, including deniability and perfect forward secrecy.
Ah, I missunderstod this. The page says gaim-encryption and not just
gaim-plugin.

>>>>>> 3.
>>>>>> I am using miranda/gaim plugin, can I save or export my
>> fingerprint? If
>>>>>> I want to user another client, another accountname or the proxy can I
>>>>>> use my old "identy" anyway so my contact doesn`t need to trust a new
>>>>>> fingerprint?
>>>> There's no explicit way to do it at the moment (with the main plugin,
>>>> anyway), but copying the otr.private_key file around should work.
>> I think to use the proxy would be the best way for everyone right now?
>> Is the proxy portable? I also don`t know what is compatible to each
>> other. :(
> 
> Any software that uses libotr should have compatible otr.private_key
> files; I don't think switching to the proxy would change this situation
> at all.
The proxys isn`t avalible for windows?

What would you suggest to use?
- using jabber + ssl
- using gaim + gaim-otr
- using miranda (I prefer it because it supports transport agents and
mroe easy server registration) + miranda-otr-plugin
?

Or is game + gaim-otr the only suggastable way to chat encrypted? I mean
the gaim plugin is easy enugh to install for everyone.

Please allow me a question, this question should not sound mad. But why
do you invetigate your skills and time in developing OTR localhost AIM
proxy? Propritaery like Aim, Icq & Msn (maybe Skype aswell) are
Freeware, not open source, don`t have a checkable secure way to add
encryption by standard and will never have it and reserve itself the
right to log, save, observe, use, ... messages sent over their service.

Them could disallow to send encrypted messages over their service at any
time. Some of those messengers already banned transport agents or
disallowed in their user agreement to use native clients.

If two people are using aim and beginn to care about privacy and
security should use jabber instant because it is free and there are
already cross platform, portable, checkable and secure ways to chat with
each other (gaim-otr). Imho to investigate work in free protocolls has
more future.