-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 8/25/2010 1:59 PM, Brian McGroarty wrote: > Has anyone spent time looking at the encrypted chat feature included in > some third-party viewers? It's my understanding that this contacts > third-party servers in obtaining and validating keys. Is that correct? > If so, do these connections share any information about the user that we > should require to be disclosed per section 4.b of the TPV Policy?[1] > > [1] http://secondlife.com/corporate/tpv.php#priv4
I don't think OTR does. From what I remember seeing in its source is that the user has to self-certify that the other user's key is one they trust. I think that was hacked in later versions of Emerald to not require as much user internaction, but I hadn't testing it much after that, I don't use OTR in my viewer code. I wonder if it was at all part of the close door list of changes they must make to get relisted. It seems to me that anything on there would apply just as much to any other TPV as it does to Emerald. Do they get special (more restrictive?) rules than other TPVs just because its popular? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJMdYe4AAoJEIdLfPRu7qE2uFkH/1j3cS7g3OeMJOfbVcGDEjun 6hk5i8Iacy/mQOJF+TQf5bz49uW24f+7NK0HX+evhtWMElnAJiAguC/twNXsHz6M uWHDTDE11DWw5vT/vs6/MPvlZF+TYvtuvsQ3RBOTnmu48IVIVW1n8o6g/BTFjII5 bUB60C3p7p0c5CA5jK4k13HVuuZE90jaS1i61cbqXRalJ9YffQOpKM2Bc8gHEL1N NlPf2kraIcfedper86bFOBtYaePchVa7hCdGjDt+vMUxDlTeEhuTy+oDob6w/0Xa YKhfZGkV5+jahANrpqYg95uEx+4SxOWeTeBBhrGazPyDaFtJOO8FWMxq8BuM3HQ= =z9vM -----END PGP SIGNATURE----- _______________________________________________ Policies and (un)subscribe information available here: http://wiki.secondlife.com/wiki/OpenSource-Dev Please read the policies before posting to keep unmoderated posting privileges
