[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Attentive Otter: Analysis of xmpp-client



On Mon, Oct 07, 2013 at 07:21:42PM +0200, Jurre van Bergen wrote:
> [...]
> *Is traffic send over Tor?*
> Yes, xmpp-client has support for sending all traffic over Tor, this 
> includes connecting to onion's. When you connect to jabber.ccc.de or the
> riseup.net jabber service, you are automatically connected over Tor
> through their onion address (hidden service), if Tor is running. SRC
> lookups are not proxied.

I assume you mean SRV lookups? To clarify, they aren't proxied when Tor is used
because they aren't sent at all, correct? (I haven't checked to see, but
assumed this is the case since the onion addresses are hardcoded for
jabber.ccc.de and riseup.net.)

> [...]
> * XMPP in Go - https://github.com/mattn/go-xmpp

Note that xmpp-client does not use that xmpp library, it uses this one:
https://github.com/agl/xmpp

> [...]
> *OTR*
> OTR support comes from the Go crypto package:
> https://code.google.com/p/go.crypto/
> This library only has support for OTRv2 and not the latest OTRv3 
> specification. If we want to be resistant to several attacks[1]  on the
> OTR protocol, we need to reimplement the OTR protocol and update it to
> the latest version or, we use Cgo, which binds into libotr. (Open
> questions: OTR by default?, )

OTR by default (or, outright refuse to send non-OTR messages) is a feature I
would very much like to see and have been meaning to add myself.

~leif

> [...]

Attachment: signature.asc
Description: Digital signature

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev