[impdev] Adding OTR to Imprudence.

Kadah kadah.coba at gmail.com
Thu Jan 26 14:46:41 PST 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

OTR is pretty standard for IM encryption. Plugins or direct support of
it exist in nearly all major open source IM clients.
http://www.cypherpunks.ca/otr/

On 1/26/2012 1:13 PM, Matthew Nitti wrote:
> Out of curiosity, what form and level of encryption does this use? My
> old friends and I always defaulted to communications outside of SL when
> we wanted to be secure, not just from other users but from LL themselves
> listening in.
> 
> -Matthew Nitti | ZATZAi
> 
> On 1/25/2012 4:53 PM, David Seikel wrote:
>> OTR - Off The Record (which is end to end IM encryption with
>> deniability) was brought up at the meeting today, though mostly in
>> private discussion with McCabe.  We thought it best to leave that
>> discussion to the mailing list.  People are asking for OTR to be added
>> to other viewers it seems, I'm happy to help with that.
>>
>> I kinda volunteered to help put out a final release of Imprudence if the
>> team decides to go with Kokua an Sunday.  Either way, I think this
>> would still apply.
>>
>> Long ago Chris added OTR to meta-impy, which is my fork of Imprudence
>> 1.4.  I helped out a bit with the UI stuff.  We did not quite have it
>> ready in time for the 1.4 feature freeze, so it did not make it in.  On
>> the other hand, in the long time since that feature freeze, other new
>> features have been added to Imprudence.  I guess the feature freeze is
>> over?  McCabe thought it would be OK to add OTR into Imprudence.
>>
>> OTR in meta-impy was based on the Emerald version (which Chris had done
>> to start with).  It was actually quite easy to slip it into meta-impy,
>> almost worked first time.  Since then, we polished it, and it has been
>> working fine.  At least as good as the Emerald version.  My users have
>> been using it for quite some time.  It will be fairly trivial to add it
>> to Imprudence.
>>
>> McCabe did bring up some issues with the UI.  We are using the same UI
>> that was used in Emerald, with two exceptions.  One was I put it's
>> prefs into it's own dialog, in the same way as IM auto-response options
>> (it's even close to that button).  The other was a departure from every
>> other OTR implementation, where they all follow the original confusing
>> menu.  I turned it into a smart button that keeps track of what state
>> OTR is in, and switches itself when needed.  Note that I stayed with
>> the original OTR text in order to not confuse existing OTR users.
>>
>> McCabe suggested that "OTR" is not very descriptive for those that
>> don't know what it is.  On the other hand, it's "OTR" that people are
>> asking for, they might object if we give them OTR, but call it
>> something else.  Any other descriptive label might be a bit long to fit
>> into the UI.
>>
>> Here are some screenshots of OTR in meta-impy.  These images do not
>> show the smart button drop down menus, or the hover tips, seems the
>> viewer can't capture those in screenshots.
>>
>> http://onefang.net/downloads/OTR_Imprudence_001.png
>>
>> The default, with OTR not being active.  This is an unencrypted IM as
>> would normally happen if OTR did not exist.  McCabe suggested that "Not
>> private" was misleading, as it's as private as IMs usually are.  "Not
>> encrypted" is probably better.
>>
>> Also shown is the preferences window, with the little OTR prefs window
>> open.
>>
>> http://onefang.net/downloads/OTR_Imprudence_002.png
>>
>> After clicking on the OTR smart button, it changes to "Unverified".
>>
>> OTR has a procedure for verifying the person you are talking to really
>> IS that person.  The smart buttons drop down menu allows you to start
>> that process.  Also in the picture is the dialog used for that
>> verification process.  The next three photos show variations of that
>> dialog.
>>
>> http://onefang.net/downloads/OTR_Imprudence_003.png
>> http://onefang.net/downloads/OTR_Imprudence_004.png
>> http://onefang.net/downloads/OTR_Imprudence_005.png
>>
>> http://onefang.net/downloads/OTR_Imprudence_006.png
>>
>> This is what you see while you wait for the other person to answer
>> your question.
>>
>> Oops, I missed taking a photo of what it looks like from the other side
>> when the question is asked, it looks similar to picture 2, just with
>> the question greyed out.
>>
>> http://onefang.net/downloads/OTR_Imprudence_007.png
>>
>> What the other person sees after they have answered the question
>> correctly.  Note that verification is one way, at this point the second
>> person is verified to the first, but not the other way around.
>>
>> http://onefang.net/downloads/OTR_Imprudence_008.png
>>
>> What the original person sees after the verification is complete.  Note
>> that the smart button automatically changed to "Private".  This is what
>> you see instead of "Unverified" when you are using OTR with someone you
>> verified eaorlier.  The second person is still seeing "Unverified" at
>> this point, since this verification only happened one way.
>>
>> http://onefang.net/downloads/OTR_Imprudence_009.png
>>
>> Showing the message you get when the other person logs off.
>>
>> http://onefang.net/downloads/OTR_Imprudence_010.png
>>
>> The message you get when you try to send to someone in "Finished"
>> mode.  Clicking on the smart button returns to "Not private".
>>
>> This is a deliberate feature of OTR by the OTR authors, and it's the
>> one most annoying feature.  It interacts badly with the unreliable
>> nature of OpenSim and SL presence.  You don't always know for sure if
>> your friends are online or not, coz the servers don't always tell you.
>> If they are online, but your viewer does not know it, then OTR gets
>> really confused.  For why it's a deliberate feature of OTR, go ask them.
>>
>> I see that some of this text should be changed, though the changes
>> might end up being rather long texts.  B-(
>>
>> "Not private" ->  "Not encrypted"  That's fine.
>>
>> "Unverified" ->  "Encrypted, but unverified"  Too long.
>>
>> "Private" ->  "Encrypted and verified"  Also too long.
>>
>> "Finished", actually this is the one I changed already, since the
>> original was a menu item "End private conversation", which you can
>> still see in picture 10.  Guess I forgot to change that text to match.
>> lol
>>
>> As you can see, with all those long words, it gets a bit too long.  I
>> could put the longer texts in the hover tips.
>>
>>
>>
>>
>> _______________________________________________
>> ImpDev mailing list
>> ImpDev at lists.imprudenceviewer.org
>> http://lists.imprudenceviewer.org/listinfo.cgi/impdev-imprudenceviewer.org
>>
> _______________________________________________
> ImpDev mailing list
> ImpDev at lists.imprudenceviewer.org
> http://lists.imprudenceviewer.org/listinfo.cgi/impdev-imprudenceviewer.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPIdfRAAoJEIdLfPRu7qE2R58H/3QJJrisQ1bq8utY604zkQCu
tDrCIr1VFr4CYEUwhA4u0APN+ocyKUBpRjC1vtfLSmgJJ7g3hTmeoGUIRwKZvD93
dVC9dwzDG7Bh/r0fjK1qu8r7goz9QKNhuiMFFFMwEtD08n7rrleOeAj5u9NPfCHw
v3iycbOXZbgdFT6BQ/hj97eiSVnioWFsrE66IUcgXqvHZnXNGNXTnWpm1sV9S9ny
YZ9q22YerGdnczbnGZs9usLpiTV7YSHh4AIGQGlkuCfOTb4/6kLrtynZOvYI9Rbh
J9pNvML0rG8VG1BbDJpM20GV7QsNz+lWwqPp85lFEJimKZiWBjqYE4RUJkIg6MM=
=hTn/
-----END PGP SIGNATURE-----



More information about the ImpDev mailing list