[OTR-users] some questions

Ian Goldberg ian at cypherpunks.ca
Fri Dec 29 13:02:23 EST 2006


On Fri, Dec 29, 2006 at 06:28:00PM +0100, readytogo2 wrote:
> > Fair enough.  But of course, just trying it out won't tell you anything
> > about what's going on under the hood.
> True, but if there is no official statement from otr developers yet it's
> therefore not suggestable right now?

I don't think it's even our place to recommend or contraindicate the use
of specific third-party software.  All I can say is that I personally
don't use it, and I've never looked at the code.

> >>>> There's no explicit way to do it at the moment (with the main plugin,
> >>>> anyway), but copying the otr.private_key file around should work.
> >> I think to use the proxy would be the best way for everyone right now?
> >> Is the proxy portable? I also don't know what is compatible with each
> >> other. :(
> > 
> > Any software that uses libotr should have compatible otr.private_key
> > files; I don't think switching to the proxy would change this situation
> > at all.
> The proxy isn't available for Windows?

The proxy runs on Linux, Windows, and OS X.

> What would you suggest to use?
> - using jabber + ssl
> - using gaim + gaim-otr
> - using miranda (I prefer it because it supports transport agents and
> more easy server registration) + miranda-otr-plugin
> ?

jabber + ssl doesn't provide the same security properties as otr; most
noticeably, the jabber server can still read (or modify) all of your
messages.

I personally use gaim + gaim-otr; that's my primary development target.

> Or is gaim + gaim-otr the only suggestable way to chat encrypted? I mean
> the gaim plugin is easy enough to install for everyone.

As I said, that's what I use.  OS X users have another great option:
Adium X.  It's got OTR support built right in.

> Please allow me a question, this question should not sound mad. But why
> do you investigate your skills and time in developing OTR localhost AIM
> proxy? Proprietary like Aim, Icq & Msn (maybe Skype as well) are
> Freeware, not open source, don't have a checkable secure way to add
> encryption by standard and will never have it and reserve itself the
> right to log, save, observe, use, ... messages sent over their service.
> 
> They could disallow to send encrypted messages over their service at any
> time. Some of those messengers already banned transport agents or
> disallowed in their user agreement to use native clients.

The primary reason to write the proxy was so that iChat users could use
OTR.  At the time, iChat was AIM-only.

> If two people are using aim and begin to care about privacy and
> security should use jabber instant because it is free and there are
> already cross platform, portable, checkable and secure ways to chat with
> each other (gaim-otr). Imho to investigate work in free protocols has
> more future.

One of the primary characteristics of so-called "useful security and
privacy technologies" is that they can give users benefit, without the
users having to significantly change the way they do things.  (For if
they were forced to, they usually just forego the technology
altogether.)  Telling people "switch to Jabber" is a non-solution, since
people won't do it.  Even telling people "switch to using gaim" is
tough.  The proxy allows people to continue using whatever client
they're most comfortable with, until OTR support gets added natively.

I agree that open protocols are the Right Way to go in the future (and
you'll notice that OTR itself is fully specified and open), but that's
not where IM users are now, and we want to help as many people as we can
today.  We don't have to choose between them; OTR works on AIM, MSN,
ICQ, and Jabber alike.

   - Ian


