Commit 39fd42c4 authored by David Goulet's avatar David Goulet

Add chatifesto post and october 2014 release post

Signed-off-by: default avatarDavid Goulet <dgoulet@ev0ke.net>
parent 7c4530a0
This diff is collapsed.
<!DOCTYPE html>
<!--[if lt IE 7]> <html class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]> <html class="no-js lt-ie9 lt-ie8 ie-7"> <![endif]-->
<!--[if IE 8]> <html class="no-js lt-ie13 ie-8"> <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js"> <!--<![endif]-->
<html lang="en">
<head>
<title>Otr.im - Blog</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link href="https://otr.im/assets/css/style.css" rel="stylesheet">
<link href="css/style.css" rel="stylesheet">
</head>
<body class="blog">
<div class="navbar-wrapper">
<div class="container">
<div class="navbar navbar-inverse navbar-static-top" role="navigation">
<div class="container">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="#">OTR.im</a>
</div>
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav">
<li><a href="https://otr.im/">Home</a></li>
<li><a href="https://otr.im/clients.html">Clients</a></li>
<li><a href="https://otr.im/about.html">About</a></li>
<li class="active"><a href="https://otr.im/blog/">Blog</a></li>
</ul>
</div>
</div>
</div>
</div>
</div>
<div class="container" id="container">
<div class="container-inner">
<div class="hero-unit faq">
<div class="ac">
<h2 class="maintitle">Release of libotr 4.1.0 and Pidgin-OTR 4.0.1</h2>
</div>
</div>
<div class="post">
<p>We are pleased to announce the release of pidgin-otr (4.0.1) and libotr
(4.1.0). These are mostly bugfixes as well as some new translations for
pidgin-otr.</p>
<h3>Pidgin-otr updates:</h3>
<ul>
<li>Fix max message size for Novell Groupwise</li>
<li>New Czech, Finnish, Brazilian Portuguese, Norwegian Bokmal translations. Updated French, Chinese translations.</li>
<li>The Windows binary has been linked with updated versions of libotr, libgcrypt, and libgpg-error.</li>
</ul>
<h3>libotr updates:</h3>
<ul>
<li>Modernized autoconf build system</li>
<li>Use constant-time comparisons where needed</li>
<li>Use gcrypt secure memory allocation</li>
<li>Correctly reject attempts to fragment a message into too many pieces</li>
<li>Fix a missing opdata when sending message fragments</li>
<li>Don't lose the first user message when REQUIRE_ENCRYPTION is set</li>
<li>Fix some memory leaks</li>
<li>Correctly check for children contexts' state when forgetting a context</li>
<li>Add functions' definition for:<ul>
<li>otrl_context_find_recent_instance()</li>
<li>otrl_context_find_recent_secure_instance()</li>
</ul>
</li>
</ul>
<p>Thanks to everyone who contributed on this release!</p>
<h3>How to report bugs?</h3>
<p>If you found any bugs or want to contribute to the otr project. The best way is
to create an account or login using the anonymous <strong><em>cypherpunks</em></strong> account
with password <strong>contribute</strong> on <a href="https://bugs.otr.im">https://bugs.otr.im</a>.</p>
<p>You can also post on the OTR mailing list at
<a href="otr-dev@lists.cypherpunks.ca">otr-dev@lists.cypherpunks.ca</a> for help.</p>
<h3>Where can I find the releases?</h3>
<h4>libotr</h4>
<ul>
<li><a href="https://otr.cypherpunks.ca/libotr-4.1.0.tar.gz">https://otr.cypherpunks.ca/libotr-4.1.0.tar.gz</a></li>
<li>Signature:<a href="https://otr.cypherpunks.ca/libotr-4.1.0.tar.gz.asc"> https://otr.cypherpunks.ca/libotr-4.1.0.tar.gz.asc</a></li>
</ul>
<h4>Pidgin-otr</h4>
<ul>
<li><a href="https://otr.cypherpunks.ca/binaries/windows/pidgin-otr-4.0.1.exe">https://otr.cypherpunks.ca/binaries/windows/pidgin-otr-4.0.1.exe</a></li>
<li>Signature: <a href="https://otr.cypherpunks.ca/binaries/windows/pidgin-otr-4.0.1.exe.asc">https://otr.cypherpunks.ca/binaries/windows/pidgin-otr-4.0.1.exe.asc</a></li>
</ul>
<p>The OTR team.</p>
<div class="postmeta">
<p class="text-muted">published on 2014-10-21 10:45:00 by OTR team</p>
</div>
</div>
</div>
</div>
<footer class="footer">
<div class="container-inner">
<p class="pull-right"><a href="#">Back to top</a></p>
<p>OTR - Free and open source software.</p>
<p>We would like to thank <a href="https://www.gandi.net/">Gandi</a> for providing us with a wildcard SSL certificate.</p>
<p class="text-muted">Blog powered by <a href="https://github.com/botherder/habu">habu</a>.</p>
</div>
</footer>
</body>
</html>
\ No newline at end of file
......@@ -43,69 +43,57 @@
<div class="hero-unit faq">
<div class="ac">
<h2><a href="2014-07-25-hopex mpotr.html">mpOTR progress report - HOPE X in New York 2014</a></h2>
<h2><a href="2014-10-21-libotr 4.1.0 and pidgin-otr 4.0.1 release.html">Release of libotr 4.1.0 and Pidgin-OTR 4.0.1</a></h2>
</div>
</div>
<div class="post firstpost">
<p>Attendees:
- trevp
- infinity0
- DrWhax
- dgoulet
- vmon</p>
<p>This is a progress report on the ongoing mpOTR effort after a meeting at the
HOPE X conference in New York.</p>
<p>First of all, the name of the protocol has not been yet decided thus we'll use
mpOTR in this report so everyone understand what we are talking about.</p>
<p>This initiative was launched by CryptoCat and eQualit.ie in early 2014 with the
help of OTF for the funding. You can find an overview of the project here
<a href="https://github.com/cryptocat/cryptocat/wiki/mpOTR-Project-Plan">mpOTR</a>. Quite
of work has been put into this new protocol and a second draft of the mpOTR
protocol should be release to the public soon.</p>
<p>Now a quick summary of what we discussed. It is divided into roughly two parts,
the key agreement to establish the session, and mechanisms to ensure transcript
consistency during the session. The key agreement can itself be thought as a
combination of a forward-secure confidentiality key agreement, and a deniable
authentication key agreement.</p>
<p>Unlike OTR which is a bidirectionnal data exchange, a cryptographic agreement
between all parties need to be established before having a group chat secure
channel. There are multiple methods to achieve that, such has having each
participant broadcasting her/his key ("sender keys") or using a common key for
the whole chat session ("group key"). It's also important to consider the
transport protocols that support group chat such as IRC and XMPP; these all
have different semantics for reachability, presence, delivery and so on. In
order for mpOTR to be transport agnostic, we need to assume as little as
possible about the transport, and/or think about how to adapt the semantics we
choose for mpOTR, into the semantics of each transport.</p>
<p>mpOTR will most likely introduce new properties on top of the secure channel
that make sure the transcript between all participants is ordered and
consistent. This is to prevent an insider attacker that decides to send
different information to different people in the group chat - this would be as
disastrous as a non-secure communication channel. I won't go into any more
details but I encourage you all to read infinity0
<a href="https://github.com/infinity0/msg-notes">notes</a>.</p>
<p>So back to the HOPE X meeting. The discussion was aimed at trying to get to an
agreement between attendees mostly on two aspects, which key agreement scheme
to use and the transcript consistency property. I'll describe what they are
briefly here but will not go into deep technical details since no decision have
been made.</p>
<p>As mentionned before, there are multiple key agreement scheme that can be used
but there is still a debate on which one to use in mpOTR, sender keys or a
common group key. Each of these have advantages and disadvantages, but details
are being worked out to decide which one the next draft will follow.</p>
<p>For the transcript consistency, the discussion was mostly about the performance
overhead of the scheme described
<a href="https://github.com/infinity0/msg-notes/blob/master/causal/02-consistency.rst">here</a>,
and whether simpler schemes achieve security guarantees that are strong enough.
Again, I'm not going to go into more details since I feel that this would need
its own blog post/paper and the goal here is to show what's being worked on
right now for mpOTR.</p>
<p>As I said, the second draft will be release soon (hopefully with an official
name) which you, the public, should bring a HUGE amount of scrutiny to it and
we can finally move to an implementation! :)</p>
<p>We are pleased to announce the release of pidgin-otr (4.0.1) and libotr
(4.1.0). These are mostly bugfixes as well as some new translations for
pidgin-otr.</p>
<h3>Pidgin-otr updates:</h3>
<ul>
<li>Fix max message size for Novell Groupwise</li>
<li>New Czech, Finnish, Brazilian Portuguese, Norwegian Bokmal translations. Updated French, Chinese translations.</li>
<li>The Windows binary has been linked with updated versions of libotr, libgcrypt, and libgpg-error.</li>
</ul>
<h3>libotr updates:</h3>
<ul>
<li>Modernized autoconf build system</li>
<li>Use constant-time comparisons where needed</li>
<li>Use gcrypt secure memory allocation</li>
<li>Correctly reject attempts to fragment a message into too many pieces</li>
<li>Fix a missing opdata when sending message fragments</li>
<li>Don't lose the first user message when REQUIRE_ENCRYPTION is set</li>
<li>Fix some memory leaks</li>
<li>Correctly check for children contexts' state when forgetting a context</li>
<li>Add functions' definition for:<ul>
<li>otrl_context_find_recent_instance()</li>
<li>otrl_context_find_recent_secure_instance()</li>
</ul>
</li>
</ul>
<p>Thanks to everyone who contributed on this release!</p>
<h3>How to report bugs?</h3>
<p>If you found any bugs or want to contribute to the otr project. The best way is
to create an account or login using the anonymous <strong><em>cypherpunks</em></strong> account
with password <strong>contribute</strong> on <a href="https://bugs.otr.im">https://bugs.otr.im</a>.</p>
<p>You can also post on the OTR mailing list at
<a href="otr-dev@lists.cypherpunks.ca">otr-dev@lists.cypherpunks.ca</a> for help.</p>
<h3>Where can I find the releases?</h3>
<h4>libotr</h4>
<ul>
<li><a href="https://otr.cypherpunks.ca/libotr-4.1.0.tar.gz">https://otr.cypherpunks.ca/libotr-4.1.0.tar.gz</a></li>
<li>Signature:<a href="https://otr.cypherpunks.ca/libotr-4.1.0.tar.gz.asc"> https://otr.cypherpunks.ca/libotr-4.1.0.tar.gz.asc</a></li>
</ul>
<h4>Pidgin-otr</h4>
<ul>
<li><a href="https://otr.cypherpunks.ca/binaries/windows/pidgin-otr-4.0.1.exe">https://otr.cypherpunks.ca/binaries/windows/pidgin-otr-4.0.1.exe</a></li>
<li>Signature: <a href="https://otr.cypherpunks.ca/binaries/windows/pidgin-otr-4.0.1.exe.asc">https://otr.cypherpunks.ca/binaries/windows/pidgin-otr-4.0.1.exe.asc</a></li>
</ul>
<p>The OTR team.</p>
<div class="postmeta">
<p class="text-muted">published on 2014-07-25 00:00:00 by dgoulet, infinity0</p>
<p class="text-muted">published on 2014-10-21 10:45:00 by OTR team</p>
</div>
</div>
......@@ -115,6 +103,16 @@ we can finally move to an implementation! :)</p>
<h3 class="subtitle">Older Posts</h3>
<ul class="postlist">
<li>
<span>2014-08-31 14:15:00</span>
<a href="2014-08-31-New chat paradigm.html">Chatifesto</a>
</li>
<li>
<span>2014-07-25 00:00:00</span>
<a href="2014-07-25-hopex mpotr.html">mpOTR progress report - HOPE X in New York 2014</a>
</li>
<li>
<span>2014-07-14 12:00:00</span>
<a href="2014-07-14-tails otr hackfest meeting.html">OTR meeting notes - Tails hackfest in Paris 2014</a>
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment