[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Attentive Otter: Analysis of Instantbird/Thunderbird

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Attentive Otter: Analysis of Instantbird/Thunderbird
From: Griffin Boyce <griffin@xxxxxxxxxxxxx>
Date: Wed, 09 Oct 2013 17:06:12 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 09 Oct 2013 17:06:58 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cryptolab.net; s=stigmate; t=1381352773; bh=hEtQHp6f71FMqxw5pHO7nX6jTamKJkKYY0s9hOTqkDc=; h=Date:From:To:Subject:References:In-Reply-To; b=MH4AV3GHVd6SPJkfoL3Zf7dKf4VII1vxalFoPNH3KRDeWYPqagsZetbfUH8DcCPiV aD4IK55z+tIpUS1t+IEihXBUNgwOt3dFTOsw87hDBDSd3xHtkmKcMHTQIlzBPLFKpq FBnNH84HWzxwmMSvmvStKbguJViOSeWrOAZzvU4I=
In-reply-to: <20131007233350.GJ1940@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <20131007233350.GJ1940@xxxxxxxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

  So the lack of OTR support in Instantbird is nearly a dealbreaker for
me, as it makes it a bit more likely than a rogue exit could intercept a
user's communications. Though this depends in part on SSL/TLS support
and whether a user *actually enables* it in their settings.

  Would the plan be to create and test a reliable OTR patch for Instantbird?

  Pidgin's big issue before was DNS leaks. How is this addressed by
Instantbird? (okay, there are a few big issues with Pidgin but...)

  I like Instantbird's UI, but we should come up with a plan to set
proper defaults.

~Griffin


Mike Perry & Sukhbir Singh wrote:
>   - No OTR support yet
>     + OTR support tickets:
>       https://bugzilla.instantbird.org/show_bug.cgi?id=877
>       https://bugzilla.mozilla.org/show_bug.cgi?id=779052
>     + For a stopgap/prototype: We can use the js-ctypes wrapper of libotr
>       along with the message observer API
>       + Example observer API use w/ rot13:
>         http://hg.instantbird.org/addons/file/tip/rot13
>       + JS-Ctypes wrapper for native libotr:
>        
http://gitorious.org/fireotr/fireotr/blobs/master/chrome/content/otr_wrapper.js
>         + The ctypes wrapper can be converted to an XPCOM wrapper later.
>     + According to sshagarwal #maildev on irc.mozilla.org, Mozilla is
>       also working towards implementing all of the primitives needed
for OTR (and OTR
>       itself) in NSS. These are listed in this comment:
>       https://bugzilla.mozilla.org/show_bug.cgi?id=779052#c17
>       + We could also rely on the ctypes wrapper until native support is
>         available, and possibly skip an XPCOM libotr wrapper entirely.


- -- 
"Cypherpunks write code not flame wars." --Jurre van Bergen
#Foucault / PGP: 0xAE792C97 / OTR: saint@xxxxxxxxxxxxx

My posts are my own, not my employer's.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBAgAGBQJSVcVCAAoJEOMx/SmueSyX/T4QALZ3WzbxxNtOj/FbDciYb3t5
B793kSDIrezwZ/lhYtfgAxP9TKGZ2K5yCBf5CtAPWoBSp4vXmscdfkI+1jE2aU6E
rBCTgjDpw+r27hrmU6rm78awhzrg6jpTrBpiMFuEKmCT0ZREdt/1xj9cJCLYjUId
50fmz7uv6/8MeLvy+yUJTYMbxwLfTbLRMWY7OzipJTozuot3+13I6qh4zh9N5qnq
qahxu2cpE+oe8MuWSHdGv14pHziKs+r9ebIh4WKcrP4dRq4hixagSRbS078XN9fR
BEV+JFsHrtLXLjvfaxxBZor4lhoK3Zt1GmgPFOB+LiMZh5X9LdsVlLSha04+084z
JmMkYVruPYAJo0uaxOQU0pTTKJmzSwxzB3xebw+oGBzrLP5rdO85oOOv6ND+mOFv
EymTo6exsbQiFg7bmFuT2pF9npJsqpKuNEM+Pinrxx1JZrzPTBBD0wDMZs6jh7Z3
vE7cyFYI5qIfv5uAyDQyF1UENX8L7HIQIf9N4TmagksdEsM/wAn9w8ZswSsUwUHO
xOzaJwC/4NnUQODlI/YYzI+9E6vaXJ2RxWtiCeCGHSbDkXiAdUTPps6se4I/jdGW
t2G6DPFM+k9BZDA8Wz+ulH10rlaYOPuhTmBHvuf+cXZpZRyLpse4bTqCcSOAfL8p
PZbvZukOi83RQ4ThJv0C
=5/Gh
-----END PGP SIGNATURE-----

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

References:
- [tor-dev] Attentive Otter: Analysis of Instantbird/Thunderbird
  - From: Mike Perry

Prev by Author: Re: [tor-dev] Development of an HTTP PT
Next by Author: [tor-dev] Browser extension identification/fingerprinting mitigation?
Previous by thread: Re: [tor-dev] Attentive Otter: Analysis of Instantbird/Thunderbird
Next by thread: [tor-dev] Hidden Service Scaling
Index(es):
- Author
- Thread