pidgin OUGHT to 'ship' with the pigdin OTR plug-in installed AND activated

JuneKernel
  9 years ago
  4
  Considered

XMPP is ubiquitous. More people use XMPP daily than might realize it. If you are a "social" [ad]networking sheeple you are using- or benefitting from XMPP in your "communication"

Pidgin is a leader in user security/privacy having developed their own respective, albeit not as awesome, conversation encryption plugin.

package, pidgin-otr, is currently available via synaptic but few users are aware of it- or the need to be using it much like sip users being unaware of zRTP/sRTP (or even OSTN).




Off-the-Record (OTR) Messaging allows you to have private conversations over instant messaging by providing:

* Encryption

No one else can read your instant messages.

* Authentication

You are assured the correspondent is who you think it is.

* Deniability

The messages you send do not have digital signatures that are checkable by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is assured the messages he sees are authentic and unmodified.

* Perfect forward secrecy

If you lose control of your private keys, no previous conversation is compromised.



more info about OTR conversation security

http://www.cypherpunks.ca/otr


for future versions of Mint see also

IETF JOSE (formerly appropriately named WOES)
http://datatracker.ietf.org/wg/jose/charter/

RFC 5802, sasl scram
https://datatracker.ietf.org/doc/rfc5802/

Latest comments
j_rueger 9 years ago

Shipping with pidgin-otr installed is a good idea, imho. Enabling it by default on the other hand would, as far as I can tell, require Mint to ship an altered version of the normal pidgin package and that might not be feasible or worth the cost.


blueXrider 9 years ago

Got to agree here. Put your opinions in the forums...


remoulder 9 years ago

Personal opinion