[OTR-users] otr support in gajim?
Jonathan Schleifer
js-otrim at webkeks.org
Thu Nov 13 07:25:23 EST 2008
Am 13.11.2008 um 08:32 schrieb Paul Wouters:
> A quick check shows that XEY 0116 assumes public key cryptography,
> so some
> kind of out of bound public key verification.
Nope, it can be checked in-bound via SAS.
> That's quite different from
> OTR, which has no prerequisites other then agreeing on a shared
> secret at
> a party.
That's exactly how SAS works.
> OTR also supports Opportunistic Encryption, eg start crypto without
> any identification, so protect against passive attacks.
That's not needed in the XMPP world! No need for ugly hacks to show
your support, you can just put it in the capabilities list! And if
it's there, it's negotiated automatically, like in Gajim.
But unfortunately, ESessions are dead, because other client developers
refuse to implement it. They complain it is too complex and others
complain that there is - just like for OTR - no cryptanalysis.
--
Jonathan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 801 bytes
Desc: This is a digitally signed message part
URL: <http://lists.cypherpunks.ca/pipermail/otr-users/attachments/20081113/0d174f72/attachment.pgp>
More information about the OTR-users
mailing list