Project

General

Profile

Actions

OTR » History » Revision 13

« Previous | Revision 13/32 (diff) | Next »
Adrian Georgescu, 09/13/2013 02:15 AM


Blink OTR implementation

September 12th, 2013

Blink SIP client for SIP2SIP edition is a multimedia SIP client that supports chat sessions using MSRP protocol (RFC4975 http://tools.ietf.org/html/rfc4975). The client is designed to work with SIP2SIP service that implements MSRP relay protocol for NAT traversal of SIP sessions with MSRP media like Instant Messaging chat sessions.

Over the MSRP media chat session, Blink implements the OTR protocol.

OTR Protocol

Off-the-Record (OTR) Messaging allows two parties to have private conversations over instant messaging by providing:

Encryption

No one else can read your instant messages.

Authentication

You are assured the correspondent is who you think it is.

Deniability

The messages you send do not have digital signatures that are checkable by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is assured the messages he sees are authentic and unmodified.

Perfect forward secrecy

If you lose control of your private keys, no previous conversation is compromised.

Implementation

The OTR implementation is backwards compatible with MSRP clients that do not support it (of course the encryption feature are not available in this case). OTR is not employed on the remote party is a multi-party conference server (advertised by is-focus Contact header parameter). The code is written in Python and is based on the python-otr package

User input

  • Chat window has the Encryption toolbar icon, encryption features for each session can be controlled by clicking on this toolbar item, a contextual menu appears
  • Verification of remote identity can be performed using SMP protocol
  • Each Contact can have encrypted related attributes saved (always use OTR, verification status and learned fingerprint)
  • Logging of Chat conversations can be toggled off (global setting)
  • History saves for each message the encryption status (encrypted/non-encrypted and fingerprint un/verified). This is rendered using a lock with a corespondent collor

Notifications

When the remote party (identified by its SIP URI) has changed its encryption fingerprint, several visual and audible clues appear:

  • Chat window system message is displayed
  • Voice synthesiser speaks
  • System notification (OSX >=10.8)
  • Growl notification

Key storage

The private key is stored in the program configuration folder under a folder called chat. The database with the remote fingerprints is stored in a file under the same folder:

  • private_key.dsa
  • trusted_peers

Interoperability

We are not aware of any other SIP/MSRP client implementation that supports OTR encryption today. Blink however interoperates well with XMPP clients when using SIP2SIP service built-in SIP/XMPP gateway. We were able to have bidirectional OTR encrypted chat sessions between Blink (using sIP/MSRP) and Jitsi (using XMPP).

Updated by Adrian Georgescu over 11 years ago · 13 revisions