[guardian-dev] OtrChat: Dev and User Feedback Requested

Nathan Freitas (GuardianProject) nathan at guardianproject.info
Tue Jul 6 11:27:45 EDT 2010


Quick followup - SSL/TLS is required for the XMPP host, or at least that
is the intention. This is why there is no option to "enable" this
feature - it is always on.

The idea is that we can't call this a secure solution if we allow people
to authenticate in the clear, regardless of whether we have OTR or not.

This is especially true if you are routing the traffic over Tor.


On 7/6/10 10:05 AM, Nathan Freitas (GuardianProject) wrote:
> I am happy to say we've got a working alpha of OtrChat - our encrypted
> IM solution that works with Jabber/XMPP. The app can also route all
> traffic via Tor using SOCKS Proxy settings.
> 
> We have switched from the Beem app as our foundation to using the Google
> Chat client modified to be a true XMPP client. A few weeks ago, I was
> notified of this project -> http://gitorious.org/gitian/android-secim
> and was finally able to take a look at the work they had done in glueing
> on the Smack XMPP library into Google's app. It turned out to be pretty
> solid, and so I dove in over the weekend.
> 
> Ultimately, using Google's UI is a much better starting point than Beem,
> and the app seemed to be at a fairly robust state, with developers who
> were interested in engaging with our project (The Beem guys weren't that
> interested in adding OTR support).
> 
> At this point, I'm looking for both developer scrutiny, improvements of
> the solution, help polishing the UI (especially for the OTR bits), and
> end user testing (both between Android devices, and to other OTR
> clients). If you aren't familiar with OTR, or need to download a desktop
> client, you can find out more here: http://www.cypherpunks.ca/otr
> 
> Info and screenshots here: http://guardianproject.info/apps/otrchat/
> 
> QRCode/Download here:
> http://github.com/downloads/guardianproject/OtRChat/OtRChat-0.0.1-alpha-build4.apk/qr_code
> 
> Please file any issues or requests via Github if you can, or just post
> them back on this thread.
> 
> If you'd like to review the implementation of the classes needed to
> support OTR, you can find them here.
> 
> http://github.com/guardianproject/OtRChat/tree/master/src/info/guardianproject/otr/
> 
> As an example of feedback I am looking for, we've extended the KeyManager
> store to persist in the local/internal private app storage, for
> instance, which we hope is secure enough (as opposed to the
> SD Card), however, feedback on that and other choices would be appreciated.
> 
> +Nathan


