[tor-dev] Attentive Otter: Analysis of xmpp-client

Leif Ryge leif at synthesize.us
Mon Oct 7 18:31:12 UTC 2013


On Mon, Oct 07, 2013 at 07:21:42PM +0200, Jurre van Bergen wrote:
> [...]
> *Is traffic send over Tor?*
> Yes, xmpp-client has support for sending all traffic over Tor, this 
> includes connecting to onion's. When you connect to jabber.ccc.de or the
> riseup.net jabber service, you are automatically connected over Tor
> through their onion address (hidden service), if Tor is running. SRC
> lookups are not proxied.

I assume you mean SRV lookups? To clarify, they aren't proxied when Tor is used
because they aren't sent at all, correct? (I haven't checked to see, but
assumed this is the case since the onion addresses are hardcoded for
jabber.ccc.de and riseup.net.)

> [...]
> * XMPP in Go - https://github.com/mattn/go-xmpp

Note that xmpp-client does not use that xmpp library, it uses this one:
https://github.com/agl/xmpp

> [...]
> *OTR*
> OTR support comes from the Go crypto package:
> https://code.google.com/p/go.crypto/
> This library only has support for OTRv2 and not the latest OTRv3 
> specification. If we want to be resistant to several attacks[1]  on the
> OTR protocol, we need to reimplement the OTR protocol and update it to
> the latest version or, we use Cgo, which binds into libotr. (Open
> questions: OTR by default?, )

OTR by default (or, outright refuse to send non-OTR messages) is a feature I
would very much like to see and have been meaning to add myself.

~leif

> [...]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20131007/8082412f/attachment.sig>


More information about the tor-dev mailing list