[Pidgin] #15805: OpenPGP Cert _with_ OTR (not instead of OTR)

Pidgin trac at pidgin.im
Thu Nov 7 04:54:03 EST 2013


#15805: OpenPGP Cert _with_ OTR (not instead of OTR)
------------------------------------+---------------------------
 Reporter:  diagon                  |       Owner:  EionRobb
     Type:  defect                  |      Status:  pending
Milestone:                          |   Component:  unclassified
  Version:  2.10.7                  |  Resolution:
 Keywords:  OpenPGP OTR WebofTrust  |
------------------------------------+---------------------------
Changes (by diagon):

 * status:  pending => new


Comment:

 Given that OTR is a plugin, perhaps you are right.  So, I've brought it up
 here:
 http://www.cypherpunks.ca/pipermail/otr-dev/2013-November/001985.html
 (The issue has been brought up before and is being considered, see
 discussion there).

 Still, I must say that even dealing with it in OTR leaves a problem.  We
 have three encryption plugins: OTR, Pidgin-GPG and Pidgin-Encryption.  The
 latter two are quite different from OTR, giving us the ability to leave
 asynchronous messages.  So we need at least one of them.  It would be
 annoying to have each plugin recreate the ability to access our OpenPGP
 cert.  Besides the extra coding, if I use some key for OTR and use the
 same key for Pidgin-GPG (both, on the same account), I have to import it
 twice.  Importing it twice, means my buddy has to verify it twice, even if
 it's the same account.

 It seems to me what we really need is:

 (1, primary & less complicated) some kind of capacity in pidgin to import
 a key from an OpenPGP cert, and associate it with a specific account.

 (2, secondary and slightly more complicated) When I verify my buddy's key,
 I want to be verifying it in an account, rather than once in OTR and etc
 for the other encryption plugins.  So my buddy's keys should also be
 associated with the account, rather than the plugin.

 (3, tertiary and difficult) It would be _really_ nice if I could import
 those keys in my gpg keyring whose ID's are associated with an account in
 my contacts list; and if any particular key presented by my buddy has a
 trust path, then it would be marked as verified for that account.

 This is pointing to some element of key management in Pidgin - somewhere
 between simple & more elaborate - rather than leaving it to the plugins.

-- 
Ticket URL: <https://developer.pidgin.im/ticket/15805#comment:2>
Pidgin <https://pidgin.im>
Pidgin


More information about the Tracker mailing list