 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
Mark Woodward wrote: > OTR encrypts an IM TCP stream so that agents between the two end points > shouldn't be able to read the data. Technically, I believe OTR encrypts the message, which then gets handed off to the particular IM protocol, which in turn is transported via TCP. I imagine there is a fair bit of data leakage in those intermediary layers, such as identifying both parties in the conversation. One can envision a more security oriented IM protocol where intercepting a connection between a client and the server would expose nothing about who the other client is (the interceptor would be able to identify the IP of at least one client), and with the use of padding and no-op messages you could also obscure the size and timing of your messages. (Have you heard that encrypted voice streams that use a variable bitrate codec (for example, Skype) can be decoded by mapping the pattern of data bursts to English phrases?) -Tom -- Tom Metro Venture Logic, Newton, MA, USA "Enterprise solutions through open source." Professional Profile: http://tmetro.venturelogic.com/
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
