OTR in Pidgin?

Christian Franke cfchris6 at yahoo.de
Thu Jan 15 08:02:33 EST 2009

On 01/14/2009 12:16 AM, Jens Franik wrote:
> am Dienstag, 13. Januar 2009 um 06:08 schrieb Casey Ho:
>> How do you all feel about including the OTR plugin by default in Pidgin?
> I do not feel the difference to GPG, but i would like to have OTR.
> But  it  should be well migrated and worked out in details, because it
> is a little bit complicated to use right now.

I do not know how GPG over XMPP works in detail, but if this is only
simple encrypted messages, GPG has one big disadvantage in comparison to
OTR: if your OTR private key is compromised, only future sessions will
be compromised, not sessions you already had. With GPG, if the messages
are simply encrypted by the default public key system, when the private
key is compromised, all sessions, both past and future, are compromised.

What I'd like about this is, this would in fact spread OTR, which I
consider a very good e2e encryption, at least for protocols that do not
allow e2e natively.

Also, that might would bring otr to finch.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
URL: <http://pidgin.im/pipermail/devel/attachments/20090115/1dd675c7/attachment.sig>

More information about the Devel mailing list