[funsec] Some Good Advice: OTR - Secure Chat
Paul Ferguson
fergdawg at netzero.net
Mon Nov 26 01:09:01 CST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I mentioned this on another list, and neglected to mention it here.
If you've already heard or (and use) OTR, then please disregard. :-)
[snip]
Off-the-Record (OTR) Messaging allows you to have private
conversations over instant messaging by providing:
- -Encryption
No one else can read your instant messages.
- -Authentication
You are assured the correspondent is who you think it is.
- -Deniability
The messages you send do not have digital signatures that are
checkable by a third party. Anyone can forge messages after a
conversation to make them look like they came from you. However,
during a conversation, your correspondent is assured the messages
he sees are authentic and unmodified.
- -Perfect forward secrecy
If you lose control of your private keys, no previous
conversation is compromised.
[snip]
For what its worth, The AIM/ICQ plug-in works wonderfully for
Trillian. :-)
More:
http://www.cypherpunks.ca/otr/
FYI,
- - ferg
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)
wj8DBQFHSnELq1pz9mNUZTMRAqQEAJ9KVHd5fpT78UPH1uOMvS0kerIpaACgsytd
P/MwmrqwAeipDXAJh1X5qtU=
=T+aB
-----END PGP SIGNATURE-----
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/
More information about the funsec
mailing list