Commit 4bcb9868 authored by David Goulet's avatar David Goulet

Add blog post about Tails hackfest meeting notes

Signed-off-by: default avatarDavid Goulet <dgoulet@ev0ke.net>
parent 4bfbb829
<!DOCTYPE html>
<!--[if lt IE 7]> <html class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]> <html class="no-js lt-ie9 lt-ie8 ie-7"> <![endif]-->
<!--[if IE 8]> <html class="no-js lt-ie13 ie-8"> <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js"> <!--<![endif]-->
<html lang="en">
<head>
<title>Otr.im - Blog</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link href="https://otr.im/assets/css/style.css" rel="stylesheet">
<link href="css/style.css" rel="stylesheet">
</head>
<body class="blog">
<div class="navbar-wrapper">
<div class="container">
<div class="navbar navbar-inverse navbar-static-top" role="navigation">
<div class="container">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="#">OTR.im</a>
</div>
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav">
<li><a href="https://otr.im/">Home</a></li>
<li><a href="https://otr.im/clients.html">Clients</a></li>
<li><a href="https://otr.im/about.html">About</a></li>
<li class="active"><a href="https://otr.im/blog/">Blog</a></li>
</ul>
</div>
</div>
</div>
</div>
</div>
<div class="container" id="container">
<div class="container-inner">
<div class="hero-unit faq">
<div class="ac">
<h2 class="maintitle">OTR meeting notes - Tails hackfest in Paris 2014</h2>
</div>
</div>
<div class="post">
<p>Attendees:
- jvoisin
- infinity0
- dgoulet
- drwhax
- vmon</p>
<p>1) Modern cryptography</p>
<p>Migrating current OTR protocol to use modern cryptography. We would like to
replace the DSA signature to "ed25519". The DH exchange should be replaced by
"curve25519". libgcrypt supports ed25519 since version 1.6 (package
libgcrypt20). The curve25519 is unclear if it's merged or a work in progress.</p>
<p>The new key(s) should be derived from the old one so users can keep their
current fingerprint.</p>
<p>For that, we discussed the need to cross sign keys for the transition.</p>
<p>Also, should chacha20 and/or poly1305 should be considered as well? No one had
a strong opinion on that.</p>
<p>A proposal of these changes should be written first before any code starts and
Acked-by maintainers/developers/contributors off the community.</p>
<p>2) Tests suite</p>
<p>You can find here a branch of the test suite started by dgoulet which contains
some basic unit tests now integrated with libtap.</p>
<pre><code>git://git.otr.im/libotr-next.git
(branch: test-suites)
</code></pre>
<p>We agree that an "OTR fuzzer" would be great also to basically hunt bug and
also be able to add this to a continious integration system.</p>
<p>There is a bunch of open bugs/features on
https://bugs.otr.im/projects/libotr/issues that we need to tackle but we all
agree that we should <em>first</em> make the test suite with a descent code coverage
so we can actually confirm that what we are fixing/implementing is not breaking
anything.</p>
<p>Once we have that, there is some kniffing to do especially on some part of the
internal ABI (for instance, second comments of this
https://bugs.otr.im/issues/23). Memory allocation used without checks, stuff
like that. Mostly this kniffing would be simply to improve the code to make it
more easily maintainable and robust.</p>
<p>3) OTR.im</p>
<p>We have a twitter account now to tweet about some stuff that's going on in the
OTR community I guess and news/update... So send anything you think might be
worth tweeting :).</p>
<pre><code>https://twitter.com/otr_im
</code></pre>
<p>Also, we discussed having more action on the blog (https://otr.im/blog)
especially maybe putting a "Call to action" for testing.</p>
<p>A new git repository containing the specifications would be a good idea to
create so we can have people looking at the progress of the modern crypto spec.
for instance.</p>
<div class="postmeta">
<p class="text-muted">published on 2014-07-14 12:00:00 by OTR.im</p>
</div>
</div>
</div>
</div>
<footer class="footer">
<div class="container-inner">
<p class="pull-right"><a href="#">Back to top</a></p>
<p>OTR - Free and open source software.</p>
<p>We would like to thank <a href="https://www.gandi.net/">Gandi</a> for providing us with a wildcard SSL certificate.</p>
<p class="text-muted">Blog powered by <a href="https://github.com/botherder/habu">habu</a>.</p>
</div>
</footer>
</body>
</html>
......@@ -28,7 +28,6 @@
<ul class="nav navbar-nav">
<li><a href="https://otr.im/">Home</a></li>
<li><a href="https://otr.im/clients.html">Clients</a></li>
<li><a href="https://otr.im/chat.html">Chat</a></li>
<li><a href="https://otr.im/about.html">About</a></li>
<li class="active"><a href="https://otr.im/blog/">Blog</a></li>
</ul>
......@@ -44,14 +43,60 @@
<div class="hero-unit faq">
<div class="ac">
<h2><a href="2014-04-27-LWN.html">Debian OTR team featured on LWN</a></h2>
<h2><a href="2014-07-14-tails otr hackfest meeting.html">OTR meeting notes - Tails hackfest in Paris 2014</a></h2>
</div>
</div>
<div class="post firstpost">
<p><a href="http://lwn.net/SubscriberLink/594928/adc5bfafc0c00fd4/">Linux Weekly News</a> featured the Debian OTR team this week. Check it out.</p>
<p>Attendees:
- jvoisin
- infinity0
- dgoulet
- drwhax
- vmon</p>
<p>1) Modern cryptography</p>
<p>Migrating current OTR protocol to use modern cryptography. We would like to
replace the DSA signature to "ed25519". The DH exchange should be replaced by
"curve25519". libgcrypt supports ed25519 since version 1.6 (package
libgcrypt20). The curve25519 is unclear if it's merged or a work in progress.</p>
<p>The new key(s) should be derived from the old one so users can keep their
current fingerprint.</p>
<p>For that, we discussed the need to cross sign keys for the transition.</p>
<p>Also, should chacha20 and/or poly1305 should be considered as well? No one had
a strong opinion on that.</p>
<p>A proposal of these changes should be written first before any code starts and
Acked-by maintainers/developers/contributors off the community.</p>
<p>2) Tests suite</p>
<p>You can find here a branch of the test suite started by dgoulet which contains
some basic unit tests now integrated with libtap.</p>
<pre><code>git://git.otr.im/libotr-next.git
(branch: test-suites)
</code></pre>
<p>We agree that an "OTR fuzzer" would be great also to basically hunt bug and
also be able to add this to a continious integration system.</p>
<p>There is a bunch of open bugs/features on
https://bugs.otr.im/projects/libotr/issues that we need to tackle but we all
agree that we should <em>first</em> make the test suite with a descent code coverage
so we can actually confirm that what we are fixing/implementing is not breaking
anything.</p>
<p>Once we have that, there is some kniffing to do especially on some part of the
internal ABI (for instance, second comments of this
https://bugs.otr.im/issues/23). Memory allocation used without checks, stuff
like that. Mostly this kniffing would be simply to improve the code to make it
more easily maintainable and robust.</p>
<p>3) OTR.im</p>
<p>We have a twitter account now to tweet about some stuff that's going on in the
OTR community I guess and news/update... So send anything you think might be
worth tweeting :).</p>
<pre><code>https://twitter.com/otr_im
</code></pre>
<p>Also, we discussed having more action on the blog (https://otr.im/blog)
especially maybe putting a "Call to action" for testing.</p>
<p>A new git repository containing the specifications would be a good idea to
create so we can have people looking at the progress of the modern crypto spec.
for instance.</p>
<div class="postmeta">
<p class="text-muted">published on 2014-04-27 16:00:00 by OTR.im</p>
<p class="text-muted">published on 2014-07-14 12:00:00 by OTR.im</p>
</div>
</div>
......@@ -61,6 +106,11 @@
<h3 class="subtitle">Older Posts</h3>
<ul class="postlist">
<li>
<span>2014-04-27 16:00:00</span>
<a href="2014-04-27-LWN.html">Debian OTR team featured on LWN</a>
</li>
<li>
<span>2014-04-27 14:15:00</span>
<a href="2014-04-27-debian otr.html">Debian OTR team</a>
......@@ -84,4 +134,4 @@
</div>
</footer>
</body>
</html>
</html>
\ No newline at end of file
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment