OTR » History » Version 27
Adrian Georgescu, 09/13/2013 02:33 AM
1 | 3 | Adrian Georgescu | h1. Blink OTR implementation |
---|---|---|---|
2 | 1 | Adrian Georgescu | |
3 | 12 | Adrian Georgescu | September 12th, 2013 |
4 | |||
5 | 24 | Adrian Georgescu | Blink SIP client for SIP2SIP edition for OSX ("download here":http://download.sip2sip.info/) is a free multimedia SIP client for OSX that supports chat sessions using MSRP protocol ("RFC4975":http://tools.ietf.org/html/rfc4975). The client is designed to work with SIP2SIP service that implements "MSRP relay":http://tools.ietf.org/html/rfc4976 protocol for NAT traversal of SIP sessions with MSRP media like Instant Messaging chat sessions. |
6 | 16 | Adrian Georgescu | |
7 | 27 | Adrian Georgescu | Over the MSRP media chat session, Blink SIP client for SIP2SIP edition implements the OTR protocol. OTR functionality will be gradually deployed to other versions and variations of Blink client like Blink Pro available in Mac App Store. |
8 | 16 | Adrian Georgescu | |
9 | 3 | Adrian Georgescu | h2. OTR Protocol |
10 | |||
11 | 9 | Adrian Georgescu | "Off-the-Record (OTR) Messaging":http://www.cypherpunks.ca/otr/ allows two parties to have private conversations over instant messaging by providing: |
12 | 3 | Adrian Georgescu | |
13 | 1 | Adrian Georgescu | h3. Encryption |
14 | |||
15 | No one else can read your instant messages. |
||
16 | |||
17 | h3. Authentication |
||
18 | 3 | Adrian Georgescu | |
19 | 1 | Adrian Georgescu | You are assured the correspondent is who you think it is. |
20 | |||
21 | h3. Deniability |
||
22 | |||
23 | The messages you send do not have digital signatures that are checkable by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is assured the messages he sees are authentic and unmodified. |
||
24 | |||
25 | h3. Perfect forward secrecy |
||
26 | |||
27 | If you lose control of your private keys, no previous conversation is compromised. |
||
28 | 3 | Adrian Georgescu | |
29 | h2. Implementation |
||
30 | 1 | Adrian Georgescu | |
31 | 20 | Adrian Georgescu | The OTR implementation is backwards compatible with remote MSRP clients that do not support it (in this case the encryption features are not available). OTR is not employed when the remote party is a multi-party conference server advertised by is-focus Contact header parameter. |
32 | |||
33 | The code is written in Python and is based on the "python-otr package":https://pypi.python.org/pypi/python-potr/1.0.0b5 |
||
34 | 7 | Adrian Georgescu | |
35 | 4 | Adrian Georgescu | h3. User input |
36 | |||
37 | 17 | Adrian Georgescu | * Local and remote fingerprints are displayed in the Encryption menu |
38 | 1 | Adrian Georgescu | * Chat window has the Encryption toolbar icon, encryption features for each session can be controlled by clicking on this toolbar item, a contextual menu appears |
39 | 17 | Adrian Georgescu | * Verification of remote identity can be performed using SMP protocol (in a separate window) or manually in an audio session |
40 | 7 | Adrian Georgescu | * Each Contact can have encrypted related attributes saved (always use OTR, verification status and learned fingerprint) |
41 | 10 | Adrian Georgescu | * Logging of Chat conversations can be toggled off (global setting) |
42 | 25 | Adrian Georgescu | * History saves for each message the encryption status (encrypted/non-encrypted and fingerprint un/verified). This is rendered using a lock with a corespondent colour |
43 | 1 | Adrian Georgescu | |
44 | h3. Notifications |
||
45 | 4 | Adrian Georgescu | |
46 | 17 | Adrian Georgescu | When the remote party has proposed OTR for the current session, the colour of the toolbar button changes to either orange (unverified fingerprint) or green (verified fingerprint). When the remote party (identified by its SIP URI) has changed its encryption fingerprint, several visual and audible clues appear: |
47 | 7 | Adrian Georgescu | |
48 | 17 | Adrian Georgescu | * Encryption lock turns red |
49 | 4 | Adrian Georgescu | * Chat window system message is displayed |
50 | * Voice synthesiser speaks |
||
51 | 1 | Adrian Georgescu | * System notification (OSX >=10.8) |
52 | * Growl notification |
||
53 | 8 | Adrian Georgescu | |
54 | 23 | Adrian Georgescu | In such case, the process of verification of remote identity must be restarted. |
55 | 22 | Adrian Georgescu | |
56 | 1 | Adrian Georgescu | h3. Key storage |
57 | 23 | Adrian Georgescu | |
58 | Private key is automatically generated the first time OTR protocol usage is invoked. The key can be regenerated in the Preferences panel in the chat section. |
||
59 | 11 | Adrian Georgescu | |
60 | The private key is stored in the program configuration folder under a folder called *chat*. The database with the remote fingerprints is stored in a file under the same folder: |
||
61 | |||
62 | * private_key.dsa |
||
63 | * trusted_peers |
||
64 | |||
65 | 8 | Adrian Georgescu | h3. Interoperability |
66 | 1 | Adrian Georgescu | |
67 | 19 | Adrian Georgescu | We are not aware of any other SIP/MSRP client implementation that supports OTR encryption today. Blink OTR implementation however interoperates well with XMPP clients when using SIP2SIP service built-in SIP/XMPP gateway. We were able to have bidirectional OTR encrypted chat sessions between Blink (using SIP/MSRP) and "Jitsi":http://jit.si (using XMPP) through "SylkServer":http://sylkserver.org. |