Post A2UCGLcas04oX2idLk by coyote@lain.sh
(DIR) More posts by coyote@lain.sh
(DIR) Post #A2UAlZHRw7QRxmaWoa by IceWolf@meow.social
2020-12-18T16:14:01Z
1 likes, 0 repeats
Literally everyone it feels like: "XMPP is absolutely wonderful and has zero problems whatsoever!"#XMPP: *provides absolutely no way to share keys between devices or re-sign them or anything, so we're literally stuck on our first device /forever/*
(DIR) Post #A2UAlZaamwjov9XoeW by icedquinn@blob.cat
2020-12-23T07:28:56.496466Z
0 likes, 0 repeats
@IceWolf well, no. every new device has a new OMEMO key and those get exchanged with the person you are talking to if they haven't already been. there are ways to check this in some clients that show you know multiple keys for a particular person.what you lose is having a unified chat history across devices. i'm not sure if servers bother to try to archive encrypted messages since only the device they were sent to could read them anyway.(there are theoretical ways around this but i don't think XMPP presently uses them.)
(DIR) Post #A2UBNwTQ9ZYstpUBGK by coyote@lain.sh
2020-12-23T07:35:52.895126Z
0 likes, 0 repeats
@icedquinn @IceWolf archival is dependent on the server and how it's configured. The server will treat encrypted messages and unencrypted messages in the same manner, and archive them the same amount of time.Personally, I like PGP sometimes because you can move keys to different devices and keep your chat history, but OMEMO is good for a less-permanent chat log IMO. I just wish OTR had a modern equivalent.
(DIR) Post #A2UBRhiMy6xoHfGuPY by icedquinn@blob.cat
2020-12-23T07:36:33.596982Z
2 likes, 0 repeats
@coyote @IceWolf i thought OMEMO *was* the modern equivalent of OTR.
(DIR) Post #A2UBcxpbO5ULSE1Xai by tdemin@udongein.xyz
2020-12-23T07:38:36.015524Z
1 likes, 0 repeats
@coyote @icedquinn @IceWolf OTR is not supposed to have a "modern" equivalent since it's perfectly portable across pretty much anything that supports text messaging and presence (and that's why it's that poor in use with XMPP/etc).
(DIR) Post #A2UBo6BmebDYYphzxg by tdemin@udongein.xyz
2020-12-23T07:40:36.710354Z
1 likes, 0 repeats
@coyote @IceWolf @icedquinn (what I originally also meant to say but the Ctrl+Enter reflex is hard) OTR has been confirmed to work fine with IRC, AIM, ICQ, etc since it requires basically nothing but those two from its transport
(DIR) Post #A2UC4A59wlizGiGluq by coyote@lain.sh
2020-12-23T07:43:30.960564Z
0 likes, 0 repeats
@icedquinn @IceWolf I thought OTR had some features that were quite different, for some reason I thought it was p2p (or is that only for file transfer?) and also that the messages didn't hit the server, but I've never used it since it's insecure...
(DIR) Post #A2UC7kmPxiEfxADSAC by newt@stereophonic.space
2020-12-23T07:44:10.231100Z
0 likes, 0 repeats
@IceWolf also XMPP: *DEAD*
(DIR) Post #A2UCBdwhJUelupsZ96 by coyote@lain.sh
2020-12-23T07:44:51.745985Z
0 likes, 0 repeats
@tdemin @IceWolf @icedquinn Oh, I should have specified that I meant "not insecure". If I recall OTR has been insecure for a number of years (dunno the specifics)
(DIR) Post #A2UCGLcas04oX2idLk by coyote@lain.sh
2020-12-23T07:45:43.092011Z
0 likes, 0 repeats
@tdemin @IceWolf @icedquinn do you happen to know if OTR is still secure or updated?
(DIR) Post #A2UCMWLptFFBXyp9u4 by tdemin@udongein.xyz
2020-12-23T07:46:49.357981Z
1 likes, 0 repeats
@coyote @IceWolf @icedquinn well libotr's last update dates 2016, not sure of the forks but I wouldn't trust them much anyway
(DIR) Post #A2UCRtfWchr9JTb5KC by icedquinn@blob.cat
2020-12-23T07:47:47.767137Z
1 likes, 0 repeats
@coyote @IceWolf As far as I know OTR handshakes occur over the protocol with a special message.Amusingly, the Firestorm/Emerald viewers for second life used to do OTR encryption over all IM's.
(DIR) Post #A2VBuuA3xuugRV6p5U by IceWolf@meow.social
2020-12-23T12:52:25Z
1 likes, 0 repeats
@coyote I think OTR also only operates on a "one device" model, which doesn't work for us.