[tor-dev] Attentive Otter: Analysis of Instantbird/Thunderbird
Griffin Boyce
griffin at cryptolab.net
Wed Oct 9 21:06:12 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
So the lack of OTR support in Instantbird is nearly a dealbreaker for
me, as it makes it a bit more likely than a rogue exit could intercept a
user's communications. Though this depends in part on SSL/TLS support
and whether a user *actually enables* it in their settings.
Would the plan be to create and test a reliable OTR patch for Instantbird?
Pidgin's big issue before was DNS leaks. How is this addressed by
Instantbird? (okay, there are a few big issues with Pidgin but...)
I like Instantbird's UI, but we should come up with a plan to set
proper defaults.
~Griffin
Mike Perry & Sukhbir Singh wrote:
> - No OTR support yet
> + OTR support tickets:
> https://bugzilla.instantbird.org/show_bug.cgi?id=877
> https://bugzilla.mozilla.org/show_bug.cgi?id=779052
> + For a stopgap/prototype: We can use the js-ctypes wrapper of libotr
> along with the message observer API
> + Example observer API use w/ rot13:
> http://hg.instantbird.org/addons/file/tip/rot13
> + JS-Ctypes wrapper for native libotr:
>
http://gitorious.org/fireotr/fireotr/blobs/master/chrome/content/otr_wrapper.js
> + The ctypes wrapper can be converted to an XPCOM wrapper later.
> + According to sshagarwal #maildev on irc.mozilla.org, Mozilla is
> also working towards implementing all of the primitives needed
for OTR (and OTR
> itself) in NSS. These are listed in this comment:
> https://bugzilla.mozilla.org/show_bug.cgi?id=779052#c17
> + We could also rely on the ctypes wrapper until native support is
> available, and possibly skip an XPCOM libotr wrapper entirely.
- --
"Cypherpunks write code not flame wars." --Jurre van Bergen
#Foucault / PGP: 0xAE792C97 / OTR: saint at jabber.ccc.de
My posts are my own, not my employer's.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBAgAGBQJSVcVCAAoJEOMx/SmueSyX/T4QALZ3WzbxxNtOj/FbDciYb3t5
B793kSDIrezwZ/lhYtfgAxP9TKGZ2K5yCBf5CtAPWoBSp4vXmscdfkI+1jE2aU6E
rBCTgjDpw+r27hrmU6rm78awhzrg6jpTrBpiMFuEKmCT0ZREdt/1xj9cJCLYjUId
50fmz7uv6/8MeLvy+yUJTYMbxwLfTbLRMWY7OzipJTozuot3+13I6qh4zh9N5qnq
qahxu2cpE+oe8MuWSHdGv14pHziKs+r9ebIh4WKcrP4dRq4hixagSRbS078XN9fR
BEV+JFsHrtLXLjvfaxxBZor4lhoK3Zt1GmgPFOB+LiMZh5X9LdsVlLSha04+084z
JmMkYVruPYAJo0uaxOQU0pTTKJmzSwxzB3xebw+oGBzrLP5rdO85oOOv6ND+mOFv
EymTo6exsbQiFg7bmFuT2pF9npJsqpKuNEM+Pinrxx1JZrzPTBBD0wDMZs6jh7Z3
vE7cyFYI5qIfv5uAyDQyF1UENX8L7HIQIf9N4TmagksdEsM/wAn9w8ZswSsUwUHO
xOzaJwC/4NnUQODlI/YYzI+9E6vaXJ2RxWtiCeCGHSbDkXiAdUTPps6se4I/jdGW
t2G6DPFM+k9BZDA8Wz+ulH10rlaYOPuhTmBHvuf+cXZpZRyLpse4bTqCcSOAfL8p
PZbvZukOi83RQ4ThJv0C
=5/Gh
-----END PGP SIGNATURE-----
More information about the tor-dev
mailing list