On Tue, Mar 15, 2005 at 02:14:48PM -0500, Ian Goldberg wrote:
OTR works over Jabber today. Granted, it's not very "Jabberish" (as far as I understand the term; I don't know the Jabber protocol very well): it just replaces the text of the message with ciphertext. [gaim, at least, doesn't seem to have a way to construct a more "Jabberish" message, as far as I could tell.]
I'd be more than happy to help Jabber-ify the OTR protocol. The reason we designed OTR was exactly that the GPG-over-IM solutions have semantics that don't match those of a private conversation: you have long-term encryption keys, as well as digital signatures on messages. You don't *want* Bob to be able to prove to Charlie that Alice said what she did. [Yet you want Bob to be himself assured of Alice's authorship.] And a compromise of Bob's computer tomorrow should not expose today's messages.
OTR also adds a couple of extra features (malleable encryption, publishing of the MAC keys, a toolkit for forging transcripts) to help Alice claim that someone's putting words in her mouth.
Obviously I need to read up more on OTR, but thanks for the offer of assistance -- I'll reply further when my level of ignorance is not quite so high as it is now. /psa --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com