Off-the-Record (OTR) is a cryptographic protocol designed for instant messaging which tries to mimic the guarantees of a real-world conversation, providing secure end-to-end communication through encryption, peer authentication, perfect forward secrecy, and deniability. This is important not only for people living in places where their basic privacy and freedom of speech are threatened by governments, but also for ordinary people looking for a way to keep their conversations private.
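To make two of those properties concrete, the following is an added toy model of an OTR-style session (constructed for this page; it is not libotr, not Gabble code, and not the project's own work). It keeps the two mechanisms that give OTR its forward secrecy and deniability: every message advertises a fresh Diffie-Hellman key and retires the old one, and the MAC keys of retired DH keys are published in the next message so that anyone could have forged the earlier tags. The DH group (a 127-bit Mersenne prime), the HMAC-based stream cipher and the single shared key per direction are insecure simplifications chosen for readability; real OTR uses a 1536-bit MODP group, AES-CTR and separate sending/receiving keys.

```python
"""Toy model of OTR forward secrecy and deniability (constructed example).

Not libotr and not secure: tiny DH group, HMAC-derived keystream instead of
AES-CTR, one key per direction. Messages must be delivered in order.
"""
import hashlib
import hmac
import secrets

P = 2 ** 127 - 1   # toy prime, NOT a secure DH group (OTR uses 1536-bit MODP)
G = 2


def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def derive_keys(shared: int):
    """Encryption key from the DH secret; MAC key = hash(encryption key), as in
    OTR, so publishing a MAC key never exposes the encryption key."""
    enc_key = hashlib.sha256(shared.to_bytes(16, "big")).digest()
    return enc_key, hashlib.sha256(enc_key).digest()


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (toy stand-in for AES-CTR)."""
    stream = b"".join(hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))


def mac(key: bytes, header, ct: bytes) -> bytes:
    return hmac.new(key, repr(header).encode() + ct, hashlib.sha256).digest()


class Party:
    """One side of a session."""

    def __init__(self):
        self.keys = {}        # own keyid -> private exponent, deleted once retired
        self.peer_pubs = {}   # peer keyid -> public value learned from messages
        self.used_macs = []   # (own keyid, mac key) pairs not yet retired
        self.to_reveal = []   # MAC keys of retired DH keys, sent with next message
        self.pub0 = self._new_key(0)

    def _new_key(self, keyid):
        priv, pub = dh_keypair()
        self.keys[keyid] = priv
        return pub

    def send(self, plaintext: bytes) -> dict:
        my_id, peer_id = max(self.keys), max(self.peer_pubs)
        enc_key, mac_key = derive_keys(pow(self.peer_pubs[peer_id], self.keys[my_id], P))
        next_pub = self._new_key(my_id + 1)     # DH ratchet: advertise a fresh key
        header = (my_id, peer_id, next_pub)
        ct = stream_xor(enc_key, plaintext)
        self.used_macs.append((my_id, mac_key))
        revealed, self.to_reveal = self.to_reveal, []
        return {"header": header, "ct": ct, "mac": mac(mac_key, header, ct),
                "revealed_mac_keys": revealed}

    def recv(self, msg: dict) -> bytes:
        peer_id, my_id, peer_next_pub = msg["header"]
        if my_id not in self.keys:
            # Forward secrecy: the private key is gone, so neither this party nor
            # anyone who later obtains its state can decrypt this message.
            raise ValueError("DH key %d already retired" % my_id)
        enc_key, mac_key = derive_keys(pow(self.peer_pubs[peer_id], self.keys[my_id], P))
        if not hmac.compare_digest(mac(mac_key, msg["header"], msg["ct"]), msg["mac"]):
            raise ValueError("MAC check failed")
        self.peer_pubs[peer_id + 1] = peer_next_pub
        self.used_macs.append((my_id, mac_key))
        # The peer now uses our key my_id, so older keys are never needed again:
        # delete them and queue their MAC keys for publication (deniability).
        for old in [k for k in self.keys if k < my_id]:
            del self.keys[old]
        self.to_reveal += [m for k, m in self.used_macs if k < my_id]
        self.used_macs = [(k, m) for k, m in self.used_macs if k >= my_id]
        return stream_xor(enc_key, msg["ct"])


def demo():
    """Three-message exchange showing key retirement and MAC-key revelation."""
    alice, bob = Party(), Party()
    alice.peer_pubs[0], bob.peer_pubs[0] = bob.pub0, alice.pub0   # stand-in for the AKE
    m1 = alice.send(b"hi")
    got1 = bob.recv(m1)
    m2 = bob.send(b"hello")
    got2 = alice.recv(m2)                 # Alice retires her first key here
    m3 = alice.send(b"how are you?")     # ... and publishes its MAC key here
    got3 = bob.recv(m3)                   # Bob retires his first key here
    # Deniability: the published key is exactly the one Bob used to verify m1,
    # so a forged m1 with a tag under it is indistinguishable from the real one.
    old_mac_key = m3["revealed_mac_keys"][0]
    forged = dict(m1, ct=b"anything", mac=mac(old_mac_key, m1["header"], b"anything"))
    forged_key_matches = old_mac_key in bob.to_reveal and len(forged["mac"]) == 32
    # Forward secrecy: Bob no longer holds the key that protected m1.
    try:
        bob.recv(m1)
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    return {"received": [got1, got2, got3], "forged_key_matches": forged_key_matches,
            "replay_rejected": replay_rejected, "revealed": len(m3["revealed_mac_keys"])}


if __name__ == "__main__":
    print(demo())
```

The retirement rule in `recv` is the whole point: a DH key is dropped as soon as the peer has demonstrably moved past it, and only then is its MAC key published, so an attacker who later seizes a device finds neither the old encryption keys (forward secrecy) nor a MAC key that only the two parties could have known (deniability). In real OTR the same bookkeeping is done per key pair with separate sending and receiving keys, and authentication of the peer's long-term key happens in the AKE that this model replaces with the two `peer_pubs[0]` assignments.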
This project aims to add OTR support to Empathy XMPP conversations.
To accomplish this, OTR has to be implemented in Gabble, the XMPP Connection Manager, and exposed through a new Telepathy interface. Empathy will then use this interface to create encrypted channels and authenticate the conversation peer.
The project can be divided into three main phases:
D-Bus interface definition: the Telepathy interface that will expose this on the CMs needs to be discussed and defined together with the Telepathy community, especially with the spec people.
This phase has already been started with a quick review of some previous work in this area. After a more complete study of the Telepathy spec and the OTR protocol, the new interface will be proposed.
Draft available here
OTR implementation in Gabble: channels will gain encryption support and peer authentication support. The client will be able to enable/disable encryption of a channel, or authenticate a peer or revoke that authentication, at any time. The OTR library provided by cypherpunks.ca (libotr) will be used, since it is considered to be a secure and correct implementation of the protocol. If bugs or limitations are found in the library, they should be fixed inside the library, so that the security-critical parts of the implementation are reviewed and tested by a broader and more specialized audience. During development, unit tests will be created and integrated into Gabble's continuous integration system.
- Basic OTR message exchange already implemented
- Peer authentication implemented
Client support: add means for the user to enable/disable channel encryption and to authenticate peers, on a per-contact basis, in Empathy.