[OTR-users] OTR for android mobiles

Paul Wouters paul at cypherpunks.ca
Tue Jun 1 09:39:51 EDT 2010


On Sat, 29 May 2010, Chad Perrin wrote:

> I talked to Moxie in #whispersystems today.  He is *not* intending to
> release either RedPhone or TextSecure under the terms of an open source
> license.  He only means to make it available under the terms of a license
> that allows *auditing* the source code.  I find that pretty
> disappointing, but it's better (for security purposes) than just keeping
> the source code entirely under wraps (as long as you trust him to use the
> source you can actually audit in his distributed applications).

But what's in it for the auditors? If he does not want to play with the
open source resources, why would the open source community help him out
audit his code? There are perfectly fine auditors you can buy if you are
a commercial company. I'm said he choose to go that way.

As for redphone, I guess I just don't like the zphone "hack". I prefer a
real protocol over a "hook into existing protocols" hack. And we have
protocols that work fine for encrypting voice of streams. zphone is meant
to "catch" proprietary sip implementations and encrypt them. If you start
from scratch, you might as well just encrypt your sip stream.

Paul



More information about the OTR-users mailing list