On 04/13/2016 12:24 PM, Илья Валеев wrote:
>
>> Gajim automatically tries jingle FT first, and encryption if both
>> parties support it. But except by reading XML, you currently can't
>> know nor enforce encryption. Suggestions welcome.
> For example: new string option "file_transfer" (maybe conflict with
> "use_ft_proxies") with these variants:
>
> *I.* auto
> Default value, act as Gajim acts today.
>
> *II.* inband
> Send files with IBB.
>
> *III.* proxy
> Send it with proxy defined in XEP-0065
>
> *IV.* jingle
>
> *Also:*
> - Display icon for every position in list of transferring files, which
> display encrypted transfer or not (for example, green closed lock and
> red open lock)
> - Warn user when file transfer is not encrypted before transfer starts
> and give choice, continue without encryption or not
>
> Think that such transparency will help not only me, but all people
> that care about their security.
>
> I use gpg and in my case IBB would be encrypted, right? What kind of
> encryption can offer jingle (I hear that XTLS
> <https://xmpp.org/extensions/inbox/jingle-xtls.html> is deprecated)?
> Are there any possibilities of end-to-end encrypting proxy filetransfer?

You mixed several things: the way to negotiate the transfer, the
transport used to do it. Jingle and proxy are not orthogonal.

Moreover, IBB should only be used as a fallback way. It uses a lot of BW
and CPU for the server, and it's slow. Servers are not made to transfer
so much data.

I agree that displaying an encryption icon is a must have, and I already
thought about that. Warning the user could be an option, but with a "do not
warn me anymore" checkbox. Because that could annoy a lot on every transfer.

IBB is NOT encrypted. You send your file plain. The link to your server
may be encrypted if you're connected securely. But:
- the server owner has the file plain
- you have no idea if the S2S connection is secure
- you have no idea if the connection between your contact and his server
is secure

Once again, GPG is not used to encrypt / sign a file before it's sent.

We indeed use XTLS even if this XEP has never been released

--
Yann
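
The "reading XML" check mentioned in this thread, as an added example that is not Gajim's code and not part of the original messages: it inspects a Jingle session-initiate offer, reports the transport of each content, and flags offers that carry no XTLS security element. Assumptions: the XTLS namespace and the position of `<security/>` follow the jingle-xtls draft linked above, and the sample stanzas are constructed.

```python
import xml.etree.ElementTree as ET

NS_JINGLE = "urn:xmpp:jingle:1"
TRANSPORTS = {
    "urn:xmpp:jingle:transports:ibb:1": "inband (IBB)",
    "urn:xmpp:jingle:transports:s5b:1": "proxy/direct (XEP-0065 SOCKS5)",
}
# Assumption: namespace and position of <security/> as in the jingle-xtls draft.
NS_XTLS = "urn:xmpp:jingle:security:xtls:0"

def classify_offer(stanza_xml):
    """Return one dict per Jingle <content/>: its transport and whether XTLS is offered."""
    # XMPP streams must not carry DTDs; refuse them before parsing untrusted input.
    if "<!DOCTYPE" in stanza_xml or "<!ENTITY" in stanza_xml:
        raise ValueError("DTDs are not allowed in XMPP stanzas")
    results = []
    for content in ET.fromstring(stanza_xml).iter("{%s}content" % NS_JINGLE):
        transport = "unknown"
        for child in content:
            ns, _, local = child.tag[1:].partition("}")  # "{ns}local" -> ns, local
            if local == "transport":
                transport = TRANSPORTS.get(ns, ns)
        results.append({
            "name": content.get("name"),
            "transport": transport,
            "xtls_offered": content.find("{%s}security" % NS_XTLS) is not None,
        })
    return results

def needs_warning(stanza_xml):
    """True when any content in the offer would travel without XTLS."""
    return any(not c["xtls_offered"] for c in classify_offer(stanza_xml))

def offer(transport_ns, security=""):
    """Build a constructed sample session-initiate stanza (hypothetical helper)."""
    return ("<iq xmlns='jabber:client' type='set' id='x1'>"
            "<jingle xmlns='urn:xmpp:jingle:1' action='session-initiate' sid='s1'>"
            "<content creator='initiator' name='file'>"
            "<transport xmlns='%s' sid='t1'/>%s</content></jingle></iq>"
            % (transport_ns, security))

PLAIN_IBB = offer("urn:xmpp:jingle:transports:ibb:1")
XTLS_S5B = offer("urn:xmpp:jingle:transports:s5b:1",
                 "<security xmlns='%s'><method name='x509'/></security>" % NS_XTLS)

if __name__ == "__main__":
    for stanza in (PLAIN_IBB, XTLS_S5B):
        print(classify_offer(stanza), "warn:", needs_warning(stanza))
```

The result describes the initial offer only; a later transport fallback during the session would have to be checked the same way.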