[jdev] OTR
Yann Leboulanger
asterix at lagaule.org
Wed Aug 17 15:50:02 UTC 2011
On 08/17/2011 03:57 PM, Peter Saint-Andre wrote:
> On 8/16/11 7:08 PM, Andreas Monitzer wrote:
>> On Dienstag, 16. August 2011 at 23:30, Peter Saint-Andre wrote:
>>> Don't forget OTR, too (I might be working on an Internet-Draft
>>> about that with some of the OTR folks):
>>>
>>> http://www.cypherpunks.ca/otr/
>>
>> I know about OTR, but I don't like the standard. Due to its
>> transport-independence, it doesn't integrate at all into XMPP. For
>> example, there's no discovery for it. The client determines support
>> at the other side by sending encrypted text and waiting whether a
>> "wtf" by an irritated/confused human or a proper OTR response comes
>> back.
>
> Yes, that's an ugly hack, which is needed to work around the lack of
> discovery protocols in systems like AIM and Yahoo. However, in XMPP we
> have ways to discover feature support (service discovery and entity
> capabilities), so it seems to me that we can define an XMPP feature for
> OTR (properly versioned because OTRv3 is on the way) and simply ignore
> the hacky text stuff.
>
>> It also takes over the regular<body/>-tag for its binary data
>> instead of using a proper separate tag with its own namespace (like
>> xhtml-im).
>
> On this point, I think we can work with the OTR team to define an XMPP
> binding in OTRv3 or (more likely) OTRv4. The XMPP binding would be more
> consistent with the Tao of Jabber, and if you're using AIM or Yahoo or
> whatever then you'd default to stuffing all the data in the message
> body. The XMPP binding would also enable us to perform whole-stanza
> encryption for all stanza types (think Jingle negotiation and such),
> instead of just the <body/> element of the <message/> stanza.
>
>> Further, the library's LGPL license is incompatible with Apple's App
>> Store, and so I'd have to implement it on my own…
>
> Multiple implementations might be a good thing. :) The XSF might even be
> able to provide funding for folks to work on a common library (BSD or
> MIT licensed) that can be used by a wide variety of clients.
An OTP plugin has been written for Gajim, and AFAIK, he re-wrote the
library in python instead of using the python bindings. But I don't
think he did as a separate module ....
code is here:
http://hg.gajim.org/gajim-plugins/file/1dd756daba40/gotr
--
Yann
More information about the JDev
mailing list