Le 18/11/2012 16:26, Marcin de Kaminski a écrit : > Also, since it was discussed on this list: what is the status of Pidgin > OTR? Didn't it have some sec flaws? >
As far as I remember, Pidgin has can use (through libpurple) two different libraries to handle SSL connections - one of them seemed to be really broken. However, I think the OTR plugin has a pretty good reputation, and a private OTR conversation (with verified fingerprints), even using a broken SSL implementation from Pidgin, provides an end-to-end encryption of the discussion. Hence, I tend to think, using Pidgin + that OTR plugin still looks to be a good advice to me. Correct me if I'm wrong :) KheOps
-- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
