This is the talk page for discussing improvements to the Off-the-record messaging article. This is not a forum for general discussion of the article's subject.
This article is rated Start-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:
I think the article should be moved back to a capitalized title, "Off-the-Record Messaging", as the article documents a specific encryption protocol, not "off the record messaging" in general; "Off-the-Record" is merely a name. All official sources also capitalize the name. Any agreements/disagreements? -- intgr 09:11, 30 January 2007 (UTC)
You are right. -- Liebeskind 19:47, 31 January 2007 (UTC)
As far as I can tell, OTR doesn't have deniable encryption, just deniable authentication. I think the article intro should be changed in accordance with the Implementation section, which has it correct. Unless, of course, a cryptographer can explain otherwise. — metaprimer ( talk) 12:48, 16 September 2007 (UTC)
It has malleable encryption (explained on the deniable encryption page), so I changed it. — Preceding unsigned comment added by 131.111.243.37 ( talk) 18:30, 18 October 2008 (UTC)
The way I understand it, the message signature proves (to anyone who can decrypt the message) that either Alice or Bob sent it. Bob knows that he didn't send the message, so it must have been Alice, but anyone else can't know whether the message was really sent by Alice or forged by Bob. Is this correct / useful? Gingekerr ( talk) 22:38, 11 February 2014 (UTC)
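Added example, not part of the talk-page comments or of any OTR implementation: it illustrates the two properties discussed in this thread, a MAC under a key both parties hold (so Bob can produce exactly what Alice would) and a malleable stream-cipher ciphertext. Assumptions: the SHA-256 counter keystream stands in for the AES-CTR mode that OTR uses, and the keys, messages and function names are constructed for the illustration.

```python
import hashlib
import hmac
import secrets


def keystream(key: bytes, n: int) -> bytes:
    """Stand-in stream cipher: SHA-256 in counter mode (assumption, not OTR's AES-CTR)."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> tuple[bytes, bytes]:
    """Encrypt, then MAC the ciphertext with the key both parties hold."""
    ct = xor(plaintext, keystream(enc_key, len(plaintext)))
    return ct, hmac.new(mac_key, ct, hashlib.sha256).digest()


def verify(mac_key: bytes, ct: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(hmac.new(mac_key, ct, hashlib.sha256).digest(), tag)


def rewrite(ct: bytes, known_pt: bytes, new_pt: bytes, mac_key: bytes) -> tuple[bytes, bytes]:
    """Malleability: given a known plaintext and the MAC key (no encryption key),
    derive a ciphertext that decrypts to new_pt and still verifies."""
    assert len(known_pt) == len(new_pt) == len(ct)
    forged_ct = xor(ct, xor(known_pt, new_pt))
    return forged_ct, hmac.new(mac_key, forged_ct, hashlib.sha256).digest()


def demo() -> dict:
    enc_key, mac_key = secrets.token_bytes(32), secrets.token_bytes(32)  # constructed session keys
    msg = b"meet at 10"  # constructed sample message
    alice_ct, alice_tag = seal(enc_key, mac_key, msg)
    # Bob holds the same keys, so his output is byte-for-byte what Alice's would be.
    bob_ct, bob_tag = seal(enc_key, mac_key, msg)
    forged_ct, forged_tag = rewrite(alice_ct, msg, b"meet at 11", mac_key)
    return {
        "bob_equals_alice": (alice_ct, alice_tag) == (bob_ct, bob_tag),
        "forgery_verifies": verify(mac_key, forged_ct, forged_tag),
        "forgery_decrypts_to": xor(forged_ct, keystream(enc_key, len(forged_ct))),
    }
```

Because a valid tag only shows that someone holding the MAC key produced the message, a transcript with valid tags is evidence to Bob but not to a third party.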
Instead of complicated computer jargon, I tried to explain the difference between OTR and ordinary cryptography software using a picture of signed writing v. private conversation. Seems more understandable to me. Ceplm ( talk) 21:17, 13 March 2008 (UTC)
These two implementations are not yet stable but will become so. I don't know how to best insert this into the article conforming to Wikipedia standards, since this is no "install and use" kind of software yet. I consider it important, because these two are the most popular and feature rich jabber clients (note I have no hard evidence, though). -- 141.84.69.20 ( talk) 21:15, 25 May 2008 (UTC)
OTR support for Plugin was rewritten as a plugin. http://gajim-otr.pentabarf.de/ Adding Gajim to the list. SzpakEng ( talk) 22:10, 7 March 2012 (UTC)
I have been using Gajim 0.15 for a long time, but there is only beta4 available. I comment Gajim waiting for the final release. SzpakEng ( talk) 22:16, 7 March 2012 (UTC)
Somehow I do not understand the example picture, there are 2 windows on one machine (they have a common background) and they should be the same conversation - one "normal" the other "raw". But why is in the raw only macskeeball speaking, and why are there 6 messages and in the normal only 2 from him and 3 from "me"?
If these 6 encrypted messages are the 2+3 messages from both, why is the first message from "me" also encrypted? It should be still plain. -- 147.142.13.23 ( talk) 22:00, 3 September 2009 (UTC)
Quoting from the 2nd paragraph: "This is in contrast with the majority of cryptography tools which resemble more a signed writing on paper, which can be later used as a record to demonstrate the communication event, the participants, and the topic of communication."
I am skeptical of the claim that the topic is recorded. Can anyone explain? 68.33.193.71 ( talk) 21:33, 2 March 2011 (UTC)
Why is this called "Off-the-Record Messaging"? -- Gaborgulya ( talk) 21:15, 1 May 2013 (UTC)
Information about OTR in Kopete should be reviewed. References [10], [11] and [12] are no more relevant. 217.151.195.214 ( talk) 14:14, 4 July 2013 (UTC)
IM Plus supports OTR, mentioned e.g. here:
https://otr.cypherpunks.ca/software.php
Android (free):
https://play.google.com/store/apps/details?id=de.shapeservices.impluslite
Android paid:
https://play.google.com/store/apps/details?id=de.shapeservices.implusfull
iOS:
http://www.shape.ag/en/products/details.php?product=im&platform=iphone
I have tried the Android version. Cannot comment on other platforms at the moment.
IM Plus appears to be completely ignored in all instant messaging articles here for some reason.
Mutual Authentication is not Authentication. After SMP, you cannot verify you are talking to the person you think you are. You can just be sure there is no third party in between. For example, Alice and Bob have a conversation. Cary wants to use man in the middle. After SMP, Alice and Bob can be sure no one is in the middle relaying the message. But Cary can still attack Alice and do a SMP with Alice alone, and pretend to be Bob, without relaying the message. — Preceding unsigned comment added by Lesiw ( talk • contribs) 13:44, 7 May 2015 (UTC)
Hello fellow Wikipedians,
I have just added archive links to one external link on Off-the-Record Messaging. Please take a moment to review my edit. If necessary, add {{cbignore}} after the link to keep me from modifying it. Alternatively, you can add {{nobots|deny=InternetArchiveBot}} to keep me off the page altogether. I made the following changes:
When you have finished reviewing my changes, please set the checked parameter below to true to let others know.
This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 18 January 2022).
Cheers.— cyberbot II Talk to my owner:Online 09:27, 11 January 2016 (UTC)
Maybe this is an offtopic subject and this should be placed somewhere else, but I assume that people writing and discussing OTR are experts, so they could answer my question.
If the security and safety of an application is as strong as the weakest part in chain of creation and use. Are then not the application, its creator and its protocol the weakest part, but the OS the application is running on? A simple and undetected keylogger running on OS level could already expose all the input of users?
If a Microsoft or Google allow for 3rd parties or themselves an undetectable keylogger running on their OS, then all security of an app is breached? Also when 3rd parties do find exploits without OS creators knowing of it.
Correct me if I'm wrong. I have just the idea that nobody is really safe on the web if you are using any app running on an OS that "helps" breaching its security. — Preceding unsigned comment added by 2001:464A:91BD:0:184B:3853:EE3D:95E6 ( talk) 18:15, 11 November 2018 (UTC)
Does the section /info/en/?search=Off-the-Record_Messaging#Authentication mean the man-in-the-middle security flaw described at https://xmpp.org/extensions/xep-0364.html#security is fixed in OTR 3.1? Otherwise we could add this from the link above in the article: "Because Diffie-Hellman (D-H) key exchange is unauthenticated, the initial D-H exchange which sets up the encrypted channel is vulnerable to a man-in-the-middle attack." -- Baptx ( talk) 12:43, 28 October 2021 (UTC)
The result of the move request was: Page moved. ( closed by non-admin page mover) Jerium ( talk) 19:39, 8 October 2023 (UTC)
Off-the-Record Messaging → Off-the-record messaging – Per MOS:EXPABBR. This seems more of a technology than strictly a proper name to me at this point. Feel free to disagree. alexiaa ( talk) 10:10, 1 October 2023 (UTC)