[OTR-users] otr support in gajim?
Paul Wouters
paul at cypherpunks.ca
Thu Nov 13 02:32:26 EST 2008
On Wed, 12 Nov 2008, Aaron Toponce wrote:
> Gajim 0.12 will feature client-to-client encryption, taking advantage of
> XEP 0116, thus effectively removing the need for OTR. Of course, the
http://xmpp.org/extensions/xep-0116.html
WARNING: Consideration of this document has been Deferred by
the XMPP Standards Foundation. Implementation of the protocol
described herein is not recommended.
> Jabber client on the other end has to support XEP 0116 as well, but
> that's no different than both supporting OTR. I suspect more and more
> clients will be XEY 0116 compatible.
A quick check shows that XEY 0116 assumes public key cryptography, so some
kind of out of bound public key verification. That's quite different from
OTR, which has no prerequisites other then agreeing on a shared secret at
a party. OTR also supports Opportunistic Encryption, eg start crypto without
any identification, so protect against passive attacks.
I have not looked closer, but I suspect deniability is also not in this
specification.
Apart from that, of course only few of my friends use XMPP.
Paul
More information about the OTR-users
mailing list