Re: [Gajim-devel] XEP-0065 encryption

[Yann Leboulanger]

On 04/19/2016 01:53 PM, Илья Валеев wrote:
> Also displaying information about encryption and choise "continue or
> not" in audio and video calls would be great.
>

Audio / video calls are not encrypted currently.

-- 
Yann
___
Gajim-devel mailing list
Gajim-devel@gajim.org
https://lists.gajim.org/cgi-bin/listinfo/gajim-devel

Re: [Gajim-devel] XEP-0065 encryption

[Илья Валеев]

Also displaying information about encryption and choise "continue or
not" in audio and video calls would be great.

15.04.2016 01:48, Yann Leboulanger пишет:
> I agree that displaying an encryption icon is a must have, and I
> already thought about that. Warn the user could be an option, but with
> a "do not warn me anymore" checkbox. Because that could annoy a lot on
> every transfer. 

___
Gajim-devel mailing list
Gajim-devel@gajim.org
https://lists.gajim.org/cgi-bin/listinfo/gajim-devel

Re: [Gajim-devel] XEP-0065 encryption

[Yann Leboulanger]

On 04/14/2016 10:48 PM, Yann Leboulanger wrote:
> On 04/13/2016 12:24 PM, Илья Валеев wrote:
>>  
>>> Gajim automatically tries jingle FT first, and encryption if both
>>> parties support it. But except by reading XML, you currently can't
>>> know nor enforce encryption. Suggestions welcome.
>> For example: new string option "file_transfer" (maybe conflict with
>> "use_ft_proxies") with this variants:
>>
>> *I.* auto
>> Default value, act as Gajim act today.
>>
>> *II.* inband
>> Send files with IBB.
>>
>> *III.* proxy
>> Send it with proxy defined in XEP-0065
>>
>> *IV.* jingle
>>
>> *Also:*
>> - Display icon for every position in list of transferring files, which
>> display encrypted transfer or not (for example, green closed lock and
>> red open lock)
>> - Warn user when file transfer is not encrypted before transfer starts
>> and give choise, continue without encryption or not
>>
>> Think that such transparency will help not only me, but all people
>> that cares about there security.
>>
>> I use gpg and in my case IBB would be encrypted, right? What kind of
>> encryption can offer jingle (I hear that XTLS
>>  is deprecated)?
>> Is there any possibilities of end-to-end encrypting proxy filetransfer?
> You mixed several things: The way to negociate the transfer, the
> transport used to do it. Jingle and proxy are not orthogonal.
> Moreover, IBB should only be used as a fallback way. It uses a lot of BW
> and CPU for the server, and it's slow. Servers are not done to transfer
> so much data.
> I agree that displaying an encryption icon is a must have, and I already
> thought about that.
> Warn the user could be an option, but with a "do not warn me anymore"
> checkbox. Because that could annoy a lot on every transfer.
> IBB is NOT encrypted. you send your file plain. The link to your server
> may be encrypted if you're connect securely. But:
>  - the server owner has the file plain
>  - you have no idea if the S2S connection is secure
>  - you have no idea if the connection between your contact and his
> server is secure
>
> Once again, GPG is not used to encrypt / sign a file before it's sent.
>
> We indeed use XTLS even if this XEP has never been released
>
This is what we use:
http://xmpp.org/extensions/inbox/jingle-xtls.html
___
Gajim-devel mailing list
Gajim-devel@gajim.org
https://lists.gajim.org/cgi-bin/listinfo/gajim-devel

Re: [Gajim-devel] XEP-0065 encryption

[Yann Leboulanger]

On 04/13/2016 12:24 PM, Илья Валеев wrote:
>  
>> Gajim automatically tries jingle FT first, and encryption if both
>> parties support it. But except by reading XML, you currently can't
>> know nor enforce encryption. Suggestions welcome.
> For example: new string option "file_transfer" (maybe conflict with
> "use_ft_proxies") with this variants:
>
> *I.* auto
> Default value, act as Gajim act today.
>
> *II.* inband
> Send files with IBB.
>
> *III.* proxy
> Send it with proxy defined in XEP-0065
>
> *IV.* jingle
>
> *Also:*
> - Display icon for every position in list of transferring files, which
> display encrypted transfer or not (for example, green closed lock and
> red open lock)
> - Warn user when file transfer is not encrypted before transfer starts
> and give choise, continue without encryption or not
>
> Think that such transparency will help not only me, but all people
> that cares about there security.
>
> I use gpg and in my case IBB would be encrypted, right? What kind of
> encryption can offer jingle (I hear that XTLS
>  is deprecated)?
> Is there any possibilities of end-to-end encrypting proxy filetransfer?

You mixed several things: The way to negociate the transfer, the
transport used to do it. Jingle and proxy are not orthogonal.
Moreover, IBB should only be used as a fallback way. It uses a lot of BW
and CPU for the server, and it's slow. Servers are not done to transfer
so much data.
I agree that displaying an encryption icon is a must have, and I already
thought about that.
Warn the user could be an option, but with a "do not warn me anymore"
checkbox. Because that could annoy a lot on every transfer.
IBB is NOT encrypted. you send your file plain. The link to your server
may be encrypted if you're connect securely. But:
 - the server owner has the file plain
 - you have no idea if the S2S connection is secure
 - you have no idea if the connection between your contact and his
server is secure

Once again, GPG is not used to encrypt / sign a file before it's sent.

We indeed use XTLS even if this XEP has never been released

-- 
Yann
___
Gajim-devel mailing list
Gajim-devel@gajim.org
https://lists.gajim.org/cgi-bin/listinfo/gajim-devel

Re: [Gajim-devel] XEP-0065 encryption

[Yann Leboulanger]

On 04/10/2016 02:43 PM, Илья Валеев wrote:
> Hello!
> Does Gajim encrypts files that transferred through proxy server (XEP-0065)?
> How encryption changes if I use GPG end-to-end encryption?
>

Gajim don't encrypt files before sending it. FT can be encrypted if
using Jingle FT (both parties need to support that) and no proxy is
used. GPG doesn't change anything to that.

-- 
Yann
___
Gajim-devel mailing list
Gajim-devel@gajim.org
https://lists.gajim.org/cgi-bin/listinfo/gajim-devel

[Gajim-devel] XEP-0065 encryption

[Илья Валеев]

Hello!
Does Gajim encrypts files that transferred through proxy server (XEP-0065)?
How encryption changes if I use GPG end-to-end encryption?

-- 
Идентификатор открытого ключа: 1D38C8C9
Отпечаток: 6210 01B6 A34E E490 A9E4  87DD 841D 0ABE 1D38 C8C9

___
Gajim-devel mailing list
Gajim-devel@gajim.org
https://lists.gajim.org/cgi-bin/listinfo/gajim-devel