[Psi-Devel] Off-the-Record messaging for Psi
Kevin Smith
kevin at kismith.co.uk
Mon Oct 8 02:11:19 PDT 2007
On 17 Aug 2007, at 00:56, Hal Rottenberg wrote:
> On 8/16/07, Raffael <rjr84 at student.canterbury.ac.nz> wrote:
>> Will this patch be included into the .11 release? Or is it already
>> part of the nightly (OSX) builds?
>
> We're feature frozen for 0.11, just bugfixes go in. When 0.11 is
> released, then this would be under consideration by Kev & the devs.
Sadly, using OTR in this way doesn't add very much security: if c2s
and s2s streams are encrypted anyway the only thing that end to end
encryption, like OTR, provides is protection against a malicious or
compromised server. OTR doesn't provide protection against this
(indeed, there's even an ejabberd module to automatically log
decrypted OTR messages) because there is no out-of-band verification.
If security isn't important, you could send it plain-text, and if it
is important OTR won't provide it, sadly.
Best,
/K
More information about the Psi-Devel
mailing list