[tor-dev] Attentive Otter: Analysis of Instantbird/Thunderbird

Griffin Boyce griffin at cryptolab.net
Wed Oct 9 21:06:12 UTC 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

  So the lack of OTR support in Instantbird is nearly a dealbreaker for
me, as it makes it a bit more likely than a rogue exit could intercept a
user's communications. Though this depends in part on SSL/TLS support
and whether a user *actually enables* it in their settings.

  Would the plan be to create and test a reliable OTR patch for Instantbird?

  Pidgin's big issue before was DNS leaks. How is this addressed by
Instantbird? (okay, there are a few big issues with Pidgin but...)

  I like Instantbird's UI, but we should come up with a plan to set
proper defaults.

~Griffin


Mike Perry & Sukhbir Singh wrote:
>   - No OTR support yet
>     + OTR support tickets:
>       https://bugzilla.instantbird.org/show_bug.cgi?id=877
>       https://bugzilla.mozilla.org/show_bug.cgi?id=779052
>     + For a stopgap/prototype: We can use the js-ctypes wrapper of libotr
>       along with the message observer API
>       + Example observer API use w/ rot13:
>         http://hg.instantbird.org/addons/file/tip/rot13
>       + JS-Ctypes wrapper for native libotr:
>        
http://gitorious.org/fireotr/fireotr/blobs/master/chrome/content/otr_wrapper.js
>         + The ctypes wrapper can be converted to an XPCOM wrapper later.
>     + According to sshagarwal #maildev on irc.mozilla.org, Mozilla is
>       also working towards implementing all of the primitives needed
for OTR (and OTR
>       itself) in NSS. These are listed in this comment:
>       https://bugzilla.mozilla.org/show_bug.cgi?id=779052#c17
>       + We could also rely on the ctypes wrapper until native support is
>         available, and possibly skip an XPCOM libotr wrapper entirely.


- -- 
"Cypherpunks write code not flame wars." --Jurre van Bergen
#Foucault / PGP: 0xAE792C97 / OTR: saint at jabber.ccc.de

My posts are my own, not my employer's.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBAgAGBQJSVcVCAAoJEOMx/SmueSyX/T4QALZ3WzbxxNtOj/FbDciYb3t5
B793kSDIrezwZ/lhYtfgAxP9TKGZ2K5yCBf5CtAPWoBSp4vXmscdfkI+1jE2aU6E
rBCTgjDpw+r27hrmU6rm78awhzrg6jpTrBpiMFuEKmCT0ZREdt/1xj9cJCLYjUId
50fmz7uv6/8MeLvy+yUJTYMbxwLfTbLRMWY7OzipJTozuot3+13I6qh4zh9N5qnq
qahxu2cpE+oe8MuWSHdGv14pHziKs+r9ebIh4WKcrP4dRq4hixagSRbS078XN9fR
BEV+JFsHrtLXLjvfaxxBZor4lhoK3Zt1GmgPFOB+LiMZh5X9LdsVlLSha04+084z
JmMkYVruPYAJo0uaxOQU0pTTKJmzSwxzB3xebw+oGBzrLP5rdO85oOOv6ND+mOFv
EymTo6exsbQiFg7bmFuT2pF9npJsqpKuNEM+Pinrxx1JZrzPTBBD0wDMZs6jh7Z3
vE7cyFYI5qIfv5uAyDQyF1UENX8L7HIQIf9N4TmagksdEsM/wAn9w8ZswSsUwUHO
xOzaJwC/4NnUQODlI/YYzI+9E6vaXJ2RxWtiCeCGHSbDkXiAdUTPps6se4I/jdGW
t2G6DPFM+k9BZDA8Wz+ulH10rlaYOPuhTmBHvuf+cXZpZRyLpse4bTqCcSOAfL8p
PZbvZukOi83RQ4ThJv0C
=5/Gh
-----END PGP SIGNATURE-----



More information about the tor-dev mailing list