On 28/06/14 20:06, Trevor Perrin wrote: > This exists for OTR: > > https://otr.cypherpunks.ca/README-libotr-4.0.0.txt
Thanks, Trevor. I wasn't aware of this (but then I haven't researched for it, yet). But this is pretty much what would be at the core, and then some (simplistic) UI over the top to control such tool(s) to enable one to edit the transcript semi-conveniently. On 01/07/14 02:49, Tom Ritter wrote: > AFAIK, no chat client (Pidgin, Adium, etc) actually lets you export > the raw OTR data in a conversation. To capture it on the wire, you > would have to perform SSL interception on yourself, to break through > the (presumed) SSL session your client makes with the XMPP server. Indeed Tom, that would be another, secondary problem (which might quickly become the initial problem). So far with Pidgin I've had a play with the XMPP console, which gave me access to the data, however it won't log them as such. On the other hand, if messengers don't log the raw OTR messages, then forgery can be even simpler, as one won't even need to consider key agreement, message authentication and encryption. Which would make it rather trivial to create a session transcript or arbitrary content, which one may use e. g. in court as counter-evidence. (Just checked, Pidgin just stores the logs as plain html files.) Therefore, the point might be rather given for those cases where a hypothetical chat client will store messages in a more complete form, while still retaining key agreement information required to recover the encryption key or get the ratchet kick-started. Now, is it worth it: I guess not, unless some such hypothetical chat client was available, which somebody may use to gather information in order to e. g. frame somebody on a more "reputable" basis. Guy
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
