On 14/10/13 22:39, Ethan Blanton wrote:
Oh, OTR. This is a problem for the OTR plugin. We started
I'm afraid I failed to spot that this was on OTR one, rather than a
corporate lock down one. (They often have rather conflicting aims.**)
* Secure all communications, untrusted local
On Tue, 15 Oct 2013 10:34:11 +0100
Ralf Skyper Kaiser wrote:
1. OTR: encrypt messages by default (private messaging).
- Out of scope. Can only be fixed within the OTR plugin (developers
disappeared).
I don't think the OTR developers have disappeared, only that they
haven't been on this list.
David,
can you clarify this quote from you please:
That goes against the general philosophy of open source clients. The user
should be assumed to be responsible.
Are you saying that users who use open source clients are assumed to be
responsible? (and because of that pidgin should have a lousy
Ralf Skyper Kaiser spake unto us the following wisdom:
can you clarify this quote from you please:
That goes against the general philosophy of open source clients. The user
should be assumed to be responsible.
Are you saying that users who use open source clients are assumed to be
Hi Ethan,
thanks for your comments. I've summarized some SSL/TLS Security concerns:
https://thc.org/ssl
and also created a video for those who are non-technical:
http://youtu.be/F3BMA3IuvYs
I made a list of features under section 6.4 that would make pidgin secure.
In summary:
For
On 14/10/13 15:39, Ralf Skyper Kaiser wrote:
can you clarify this quote from you please:
That goes against the general philosophy of open source clients. The
user should be assumed to be responsible.
Are you saying that users who use open source clients are assumed to be
responsible? (and
The BIGGEST BANG FOR THE BUCK would be 4.: Allow the user to specify a
different (and exclusive) CA location.
As noted in my original reply, that already exists if you build from
source - the decision is a compile time one. If you use a package, the
packager will generally select the
Ralf Skyper Kaiser spake unto us the following wisdom:
I made a list of features under section 6.4 that would make pidgin secure.
In summary:
So ... we already implement a large portion of this list, either
explicitly or implicitly. To wit:
For Jitsi/Pidgin/Jabber this would mean:
1.
David Woolley spake unto us the following wisdom:
Windows, although far from open source, tends to take a similar
position by default, but does provide features like group policies
to allow a management lock down. Windows SSL security implementation
is also lousy, in your terms, because:
On 14/10/13 17:33, Ralf Skyper Kaiser wrote:
I agree, 1 of the 7 Security features is already possible with pidgin
but requires source code recompilation. That does not fly for most
users (especially the Windows users).
As far as I know, the Windows build is unable to use the system
Hi,
So ... we already implement a large portion of this list, either
explicitly or implicitly. To wit:
For Jitsi/Pidgin/Jabber this would mean:
1. Do not allow non-private chats
I don't know what this means.
...if OTR plugin is available then do not allow non-encrypted private
On Mon, 14 Oct 2013 19:25:21 +0100
Ralf Skyper Kaiser wrote:
1. Do not allow non-private chats
I don't know what this means.
...if OTR plugin is available then do not allow non-encrypted private
messages.
This can be set on a per-contact basis for those who use OTR.
--
Brian,
Yes, correct, and it's a good feature to have.
Yet we see users sending unencrypted messages even when they think they are
using OTR with private message encryption (yes, users are sometimes stupid).
An option that uses encryption by default (which can be disabled by the
user) provides
Ralf Skyper Kaiser spake unto us the following wisdom:
1. Do not allow non-private chats
I don't know what this means.
...if OTR plugin is available then do not allow non-encrypted private
messages.
Oh, OTR. This is a problem for the OTR plugin. We started
discussions with the OTR
Hi,
1. Which ROOT CA storage does pidgin use to authenticate a server side SSL
certificate?
2. How can I configure pidgin to use one (and just one; exclusive) ROOT CA
storage (or single certificate) and ignore all other system-wide root certs
without having to recompile the source?
3. How can I