Re: Encryption plugins for gaim
On 14/03/05 Adam Fields said:

> Given what may or may not be recent ToS changes to the AIM service,
> I've recently been looking into encryption plugins for gaim.

If you use jabber, note that the Psi client supports 2-person PGP
encrypted conversations. I sometimes find it useful.

http://psi.affinix.com/

Mike

--
Michael P. Soulier <[EMAIL PROTECTED]>
http://www.digitaltorque.ca
http://opag.ca  python -c 'import this'
Jabber: [EMAIL PROTECTED]
Re: Encryption plugins for gaim
In message <[EMAIL PROTECTED]>, Peter Saint-Andre writes:
>On Tue, Mar 15, 2005 at 02:02:31PM -0500, Adam Fields wrote:
>> On Tue, Mar 15, 2005 at 12:54:19PM -0600, Peter Saint-Andre wrote:
>> > Why not help us make Jabber/XMPP more secure, rather than overloading
>> > AIM? With AIM/MSN/Yahoo your account will always exist at the will of
>>
>> Unfortunately, I already have a large network of people who use AIM,
>> and >they< all each have large networks of people who use AIM. Many of
>> them still use the AIM client. Getting them to switch to gaim is
>> feasible. Getting them to switch to Jabber is not. However, getting
>> them to switch to gaim first, and then ultimately Jabber might be an
>> option. Frankly, the former is more important to me in the short
>> term.
>
>Yep, the same old story. :-)
>
>> > AOL, whereas with XMPP you can run your own server etc. Unfortunately
>>
>> Does "can" == "have to"? From what I remember of trying to run Jabber
>> a few years ago, it did.
>
>No, we have 200k registered users on the jabber.org server and some
>servers have even more. You can run your own server, though, and accept
>connections only from other servers you trust, etc.
>

Let me second the recommendation for jabber (though I wish the code
quality of some of the components were better). The protocol itself
supports TLS for client-to-server encryption; you can also have AIM (or
other IM) gateways on that server. In many situations (i.e., wireless),
it protects the most vulnerable link from eavesdropping. While clearly
not as good as end-to-end encryption, it's far better than nothing,
especially in high-threat environments such as the IETF... (Of course,
I only know of one open source client -- psi -- that checks the server
certificate.) In theory, server-to-server communications can also be
TLS-protected, though I don't know if any platforms support that.

On top of any other encryption, many implementations support PGP
encryption between correspondents. I don't know of any support for
e2e-encrypted chat rooms.

I haven't played with OTR, nor am I convinced of the threat model. That
said, what you really need to watch out for is the transcript files on
your own machine...

--Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb

- The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: Encryption plugins for gaim
On Tue, Mar 15, 2005 at 09:33:51PM +0100, Jim Cheesman wrote:
| Ian G wrote:
|
| >Adam Fields wrote:
| >
| >>Given what may or may not be recent ToS changes to the AIM service,
| >>I've recently been looking into encryption plugins for gaim.
| >>Specifically, I note gaim-otr, authored by Ian G, who's on this list.
| >
| >
| >Just a quick note of clarification, there is a collision
| >in the name Ian G. 4 letters does not a message digest
| >make.
|
|
| Perhaps if you were to prepend a random serial number to your name this
| problem would be alleviated?

They'd both randomly choose pi.
Re: Encryption plugins for gaim
> If you want encryption with authentication, there's the gaim-encryption
> plugin. I get the feeling gaim-otr is for more specific circumstances.

Actually, the only "specific circumstance" that OTR is really aimed at
is the IM environment. That is, it's an encryption scheme specifically
designed for the mode of use you'd most expect to see in IM, and it's
intended to be a complete answer for general-purpose one-to-one IM
communication.

The forward deniability is a special feature, but all the other
features you'd want are in there... including authentication between
the parties at the time the message is sent. From the point of view of
the two communicating parties, OTR has basically the same privacy and
authenticity guarantees as gaim-encryption, with forward deniability
added in.

The OTR project is trying to get OTR included in as many IM clients as
possible, with the idea of making it the de facto standard for IM
encryption. I'd say it's ready for real use, although it's by no means
static; there are things that are known to still need to be added to
the protocol.

-- jbash

PS: Sorry about the weird "From" address... I read the list through
a news gateway, and this is the only way to get a post accepted.
Re: Encryption plugins for gaim
At 10:19 PM 3/13/2005, Adam Fields wrote:
> Given what may or may not be recent ToS changes to the AIM service,
> I've recently been looking into encryption plugins for gaim.

AOL says that the ToS bits are only for things like chatrooms;
user-to-user AIM traffic doesn't even go through their servers.
That doesn't mean they can't eavesdrop on it if they want to,
or that they don't have mechanisms for automating MITM,
so you may very well want to use encryption,
but at least in the normal case your traffic is relatively private.
Re: Encryption plugins for gaim
Ian G wrote:

> Adam Fields wrote:
>
>> Given what may or may not be recent ToS changes to the AIM service,
>> I've recently been looking into encryption plugins for gaim.
>> Specifically, I note gaim-otr, authored by Ian G, who's on this list.
>
>
> Just a quick note of clarification, there is a collision
> in the name Ian G. 4 letters does not a message digest
> make.

Perhaps if you were to prepend a random serial number to your name this
problem would be alleviated?

Best wishes,
Jim Cheesman
Re: Encryption plugins for gaim
On Tue, Mar 15, 2005 at 02:14:48PM -0500, Ian Goldberg wrote:

> OTR works over Jabber today. Granted, it's not very "Jabberish" (as far
> as I understand the term; I don't know the Jabber protocol very well):
> it just replaces the text of the message with ciphertext. [gaim, at
> least, doesn't seem to have a way to construct a more "Jabberish"
> message, as far as I could tell.]
>
> I'd be more than happy to help Jabber-ify the OTR protocol. The reason
> we designed OTR was exactly that the GPG-over-IM solutions have
> semantics that don't match those of a private conversation: you have
> long-term encryption keys, as well as digital signatures on messages.
> You don't *want* Bob to be able to prove to Charlie that Alice said what
> she did. [Yet you want Bob to be himself assured of Alice's
> authorship.] And a compromise of Bob's computer tomorrow should not
> expose today's messages.
>
> OTR also adds a couple of extra features (malleable encryption,
> publishing of the MAC keys, a toolkit for forging transcripts) to help
> Alice claim that someone's putting words in her mouth.

Obviously I need to read up more on OTR, but thanks for the offer of
assistance -- I'll reply further when my level of ignorance is not
quite so high as it is now.

/psa
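Added example (not part of the thread and not code from the OTR project): a sketch of the semantics described in the quoted text above, where a shared-key MAC assures Bob of authorship without giving him proof for Charlie, and malleable encryption plus a published MAC key lets a message be altered after the fact. The SHA-256 keystream, key sizes, messages and function names are assumptions chosen for illustration; they are not OTR's primitives or wire format.

```python
import hashlib
import hmac
import secrets

def keystream(key, nonce, length):
    # Toy counter-mode keystream built from SHA-256 (assumption, not OTR's cipher).
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def mac(mac_key, nonce, ct):
    return hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def seal(enc_key, mac_key, nonce, plaintext):
    # Encrypt-then-MAC with symmetric keys shared by Alice and Bob.
    ct = xor(plaintext, keystream(enc_key, nonce, len(plaintext)))
    return ct, mac(mac_key, nonce, ct)

def open_sealed(enc_key, mac_key, nonce, ct, tag):
    # Returns the plaintext, or None when the tag does not verify.
    if not hmac.compare_digest(mac(mac_key, nonce, ct), tag):
        return None
    return xor(ct, keystream(enc_key, nonce, len(ct)))

def rewrite(mac_key, nonce, ct, known_pt, new_pt):
    # Malleability: XOR-ing the ciphertext changes the plaintext predictably,
    # and a published MAC key lets anyone recompute a valid tag afterwards.
    if not len(ct) == len(known_pt) == len(new_pt):
        raise ValueError("lengths must match")
    new_ct = xor(ct, xor(known_pt, new_pt))
    return new_ct, mac(mac_key, nonce, new_ct)

def demo():
    # Constructed sample keys and messages.
    enc_key, mac_key, nonce = (secrets.token_bytes(16) for _ in range(3))
    said = b"meet at noon"
    ct, tag = seal(enc_key, mac_key, nonce, said)
    # 1. Bob is assured of authorship: only Alice and he hold mac_key.
    bob_reads = open_sealed(enc_key, mac_key, nonce, ct, tag)
    # 2. Bob holds the same keys, so a message he writes himself verifies
    #    identically; the tag proves nothing to Charlie.
    bob_made = open_sealed(enc_key, mac_key, nonce,
                           *seal(enc_key, mac_key, nonce, b"meet at nine"))
    # 3. Once mac_key is published, a party without enc_key can alter a message.
    altered = open_sealed(enc_key, mac_key, nonce,
                          *rewrite(mac_key, nonce, ct, said, b"meet at five"))
    # 4. Before publication, a party without mac_key is still rejected.
    rejected = open_sealed(enc_key, secrets.token_bytes(16), nonce, ct, tag)
    return bob_reads, bob_made, altered, rejected

if __name__ == "__main__":
    print(demo())
```

A digital signature in place of the MAC would break case 2: only Alice could produce it, so Bob could show it to Charlie as proof.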
Re: Encryption plugins for gaim
On Tue, Mar 15, 2005 at 02:02:31PM -0500, Adam Fields wrote:
> On Tue, Mar 15, 2005 at 12:54:19PM -0600, Peter Saint-Andre wrote:
> > Why not help us make Jabber/XMPP more secure, rather than overloading
> > AIM? With AIM/MSN/Yahoo your account will always exist at the will of
>
> Unfortunately, I already have a large network of people who use AIM,
> and >they< all each have large networks of people who use AIM. Many of
> them still use the AIM client. Getting them to switch to gaim is
> feasible. Getting them to switch to Jabber is not. However, getting
> them to switch to gaim first, and then ultimately Jabber might be an
> option. Frankly, the former is more important to me in the short
> term.

Yep, the same old story. :-)

> > AOL, whereas with XMPP you can run your own server etc. Unfortunately
>
> Does "can" == "have to"? From what I remember of trying to run Jabber
> a few years ago, it did.

No, we have 200k registered users on the jabber.org server and some
servers have even more. You can run your own server, though, and accept
connections only from other servers you trust, etc.

/psa
Re: Encryption plugins for gaim
Ian Goldberg wrote:

>> ...Unfortunately
>> the original Jabber developers did not build encryption in from the
>> beginning and the existing methods have not been implemented widely
>> (OpenPGP over Jabber) or are not very Jabberish (RFC 3923), so we need
>> to improve what we have. Contributions welcome. See here for pointers:
>>
>> http://www.saint-andre.com/blog/2005-03.html#2005-03-15T11:23
>
> OTR works over Jabber today. Granted, it's not very "Jabberish" (as far
> as I understand the term; I don't know the Jabber protocol very well):
> it just replaces the text of the message with ciphertext. [gaim, at
> least, doesn't seem to have a way to construct a more "Jabberish"
> message, as far as I could tell.]

My thoughts are similar. When I first got into
the design, I thought that the privacy aspects of
the protocol would be integral with the messaging
system, but that proved to be not the case.

For several reasons, I think the privacy layer is
going to end up being totally divorced from the
messaging layer. As a stab at these:

* there are many messaging systems, and there are
  efforts at integrating these, so any decent privacy
  layer has to think about hops,
* we desperately want to preserve many messaging
  systems in violent competition,
* any privacy layer that involves a "decrypt at
  server and then re-encrypt" is not a privacy layer,
  as the threat is 99.9% at the node (all three -
  alice, bob, server) and not on the wire,
* involving the server in any identity and privacy
  concerns brings up conflicts such as asking the
  server to know who the user is, escrow, liability,...,
* messaging systems move at different paces and
  incorporating crypto into them may result in yoyo
  behaviour for safe chat - there today, gone tomorrow
  on the new alpha,
* the final authentication - alice of bob and v.v. -
  is something that is best done divorced from the
  lowtech as much as possible, so that means some
  sort of plugin and leveraging off pgp-style WoT.
  Integrating that step into the messaging system
  gives you "S/MIME authentication" which doesn't
  scale. That was scratched off without pause...

Hence, my own efforts will probably go in these
two parallel directions:

* opportunistic key exchange followed by chat
  in SDP1 over SOX. (Note that SOX is also encrypted
  client-to-server so for much of the journey packets
  will be doubly encrypted, but end-to-end is the
  target). This method will be integrated and fast
  but lack user authentication. This is uninteresting
  to anyone outside the SOX world.
* OpenPGP packets without any interference, and
  a sort of plugin ability to bootstrap a fast key
  exchange, with fingerprint display. Key signing
  to follow later... Now this is much more interesting
  as conceivably the same protocol would (once designed!)
  work over email, Jabber, AIM, etc. At least, that would
  be the intention.

> I'd be more than happy to help Jabber-ify the OTR protocol. The reason
> we designed OTR was exactly that the GPG-over-IM solutions have
> semantics that don't match those of a private conversation: you have
> long-term encryption keys, as well as digital signatures on messages.

I'm not sure what this obsession with digital signatures
over messages is. That probably wants to be unwound. If
people are "signing a contract" over chat or indeed email,
then they probably need a lot more support in the tech
and a lot more warning, training, and legal support as to
the ramifications. C.f.,

http://www.financialcryptography.com/mt/archives/000250.html

I agree that encrypting a chat message straight GPG/OpenPGP-over-IM
would probably be clunky. I was more envisaging
using OpenPGP to handle the clunky key exchange and then
go fast from there.

> You don't *want* Bob to be able to prove to Charlie that Alice said what
> she did. [Yet you want Bob to be himself assured of Alice's
> authorship.] And a compromise of Bob's computer tomorrow should not
> expose today's messages.
>
> OTR also adds a couple of extra features (malleable encryption,
> publishing of the MAC keys, a toolkit for forging transcripts) to help
> Alice claim that someone's putting words in her mouth.

(Note however that my efforts are towards integrating
two separate disparate systems - payments and IM - and
I am less concerned with the privacy aspects as Ian
Goldberg is. This is one area where I'm adopting a
wait and see attitude because I'm not convinced that
this is an entirely tech issue. But whichever, when we
get to that stage there is nothing wrong with doing
several possibilities.)

iang (the other other one)

--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
Re: Encryption plugins for gaim
On Tue, Mar 15, 2005 at 02:47:35PM -0500, Ian Goldberg wrote:
> > this is actually a very good solution for
> > me. The only thing I don't like about it is that it stores the private
> > key on your machine. I understand why that is, but it also means that
> > if you switch machines with the same login (home/work), you have to
> > reverify the fingerprint out of band (assuming you care enough to do
> > that in the first place).
>
> You can also just copy your otr.private_key file around. See, for
> example, http://chris.milbert.com/AIM_Encryption/

It would be helpful if you could specify the location of the private
key file, so then it could be on a thumb drive or something similar.
Re: Encryption plugins for gaim
On Tue, Mar 15, 2005 at 12:54:19PM -0600, Peter Saint-Andre wrote:
> Why not help us make Jabber/XMPP more secure, rather than overloading
> AIM? With AIM/MSN/Yahoo your account will always exist at the will of

Unfortunately, I already have a large network of people who use AIM,
and >they< all each have large networks of people who use AIM. Many of
them still use the AIM client. Getting them to switch to gaim is
feasible. Getting them to switch to Jabber is not. However, getting
them to switch to gaim first, and then ultimately Jabber might be an
option. Frankly, the former is more important to me in the short
term.

> AOL, whereas with XMPP you can run your own server etc. Unfortunately

Does "can" == "have to"? From what I remember of trying to run Jabber
a few years ago, it did.

> the original Jabber developers did not build encryption in from the
> beginning and the existing methods have not been implemented widely
> (OpenPGP over Jabber) or are not very Jabberish (RFC 3923), so we need
> to improve what we have. Contributions welcome. See here for pointers:
>
> http://www.saint-andre.com/blog/2005-03.html#2005-03-15T11:23
Re: Encryption plugins for gaim
On Mon, Mar 14, 2005 at 01:19:04AM -0500, Adam Fields wrote:
> Given what may or may not be recent ToS changes to the AIM service,
> I've recently been looking into encryption plugins for gaim.
>
> Specifically, I note gaim-otr, authored by Ian G, who's on this list.
>
> Ian - would you care to share some insights on this? Is it ready for
> prime time or just a proof-of-concept? Any known issues?

If you want encryption with authentication, there's the gaim-encryption
plugin. I get the feeling gaim-otr is for more specific circumstances.

--
Taral <[EMAIL PROTECTED]>
This message is digitally signed. Please PGP encrypt mail to me.
A: Because it fouls the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?
Re: Encryption plugins for gaim
Adam Fields wrote:

> Given what may or may not be recent ToS changes to the AIM service,
> I've recently been looking into encryption plugins for gaim.
> Specifically, I note gaim-otr, authored by Ian G, who's on this list.

Just a quick note of clarification, there is a collision
in the name Ian G. 4 letters does not a message digest
make.

Gaim-otr as I understand it is authored by Nikita Borisov
and Ian Goldberg <[EMAIL PROTECTED]>. It can be acquired
here:

http://www.xelerance.com/mirror/otr/

and here are some other links:

http://www.emergentchaos.com/archives/000715.html

Just to confuse the issue I also am working on a
private instant messaging service which is markedly
different, in that I am taking a payment system and
reworking it into an IM system:

http://www.financialcryptography.com/mt/archives/000379.html

But I haven't got around to a download yet. And
it's not AIM compatible, as it works through its
host payment system.

> Ian - would you care to share some insights on this? Is it ready for
> prime time or just a proof-of-concept? Any known issues?

Over to Ian G.

iang

--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
Encryption plugins for gaim
Given what may or may not be recent ToS changes to the AIM service,
I've recently been looking into encryption plugins for gaim.

Specifically, I note gaim-otr, authored by Ian G, who's on this list.

Ian - would you care to share some insights on this? Is it ready for
prime time or just a proof-of-concept? Any known issues?

Thanks...

--
- Adam

** Optimize your Database! http://www.everylastounce.com/mysql.html **

Blog [ http://www.aquick.org/blog ]
Links... [ http://del.icio.us/fields ]
Photos.. [ http://www.aquick.org/photoblog ]
Experience.. [ http://www.adamfields.com/Adam_Fields_Resume.htm ]