

OTR in Go - alecco
http://www.imperialviolet.org/2012/01/14/gootr.html

======
xal
It's really a pleasure to read through this code. The amount of things that he
gets from the go standard library is really incredible. Go looks perfect for
such tasks.

Anyone got a C implementation to compare it to?

~~~
tptacek
(random Google hit)

<https://github.com/DrWhax/mpOTR/tree/master/libotr-0.3.2/src>

------
AceJohnny2
I wish OTR was widely deployed on XMPP clients (such as my favorite, Psi). As
it is, only Pidgin supports it, and standardizing it seems to have gotten
stuck. Do people know any more?

------
spindritf
> To many it's feature in gTalk and AOL IM which indicates that the
> conversation isn't logged

Isn't the goal similar? The conversation can be logged but after it's over,
it's impossible to prove that the log is legitimate, unlike, for example, a
gpg-signed e-mail.

It used to be quite popular, there was a cross-network plugin for pidgin and a
somewhat annoying (it included the server name in the key/identity instead of
the network name, something like that) module for irssi... I haven't heard
about OTR in a while though.

~~~
burgerbrain
Not quite the same. OTR Proper means that the conversation is secure and
authenticated, as well as deniable.

You can also achieve the deniability trait if you simply don't secure the
conversation. If everything is plaintext then you could claim that any logs
have been potentially tampered with.

Now, if the conversation is secure but you're not using OTR, then simply "not
logging" doesn't really get you much. The other participant could still be
logging, manually if they have to.

~~~
spindritf
> OTR Proper means that the conversation is secure and authenticated, as well
> as deniable.

Yes, you're right of course, I skipped over that a little but that's what I
meant by "after it [the conversation] is over." Thanks.

------
alecco
A very nice talk from the creator of OTR explaining why traditional encryption
tools are not the best pick (i.e. deniability and perfect forward secrecy):

[http://csclub.uwaterloo.ca/media/Off-the-
Record%20Messaging:...](http://csclub.uwaterloo.ca/media/Off-the-
Record%20Messaging:%20Useful%20Security%20and%20Privacy%20for%20IM.html)

------
zobzu
id rather use gnupg than otr plugin though, because its "yet another different
keyring storage" which is slightly annoying ;-)

~~~
chrisballinger
GPG doesn't offer deniability

