OTR

[nb333]

Based on the feedback we've received from multiple people regarding our current structure, we are trying to implement OTR, instead of the custom protocol we had in mind.

Please let me know if you're interested in helping. :)

[tarqd]

See my comment on #51 (https://github.com/openfaux/openfaux-client/issues/51).

OTR Libaries: Pure JS (Emscriptlen Compiled): otr4-em Native Bindings (Node.js bindings to the native library used by pidgin, adium and others): otr4

[elimisteve]

Implement OTR in what language? You can find the libotr C source here: http://sourceforge.net/p/otr/libotr/ci/master/tree/

[elimisteve]

The README mentions Python as the server-side language. There's this Python OTR implementation: https://github.com/afflux/pure-python-otr

[nb333]

@elimisteve JavaScript for client-side and Python for server-side.

[louismullie]

Cryptocat has a good implementation at https://github.com/cryptocat/cryptocat/blob/master/src/core/js/lib/otr.js

It's maintained by @kaepora and has been very well reviewed. I would advocate for this implementation on the client side.

[nb333]

@louismullie @kaepora Thanks for the mention! I'm very familiar with Cryptocat. Quick question though, can OTR be repurposed for HTTP?

[mischief]

what's the goal here with using OTR? if the goal is perfect forward secrecy, tls already offers ciphersuites which have pfs.

[Fohlen]

Still doesn't that lead to relay traffic using a proxy-sided server? You made any thought about resolving this issue so far? @nb333 Note there's a pure python implementation of OTR - https://github.com/afflux/pure-python-otr Please also note that OTR is designed for encrypting conversations, although it is a strong e2ee encryption this leads to make OTR less usable for large texts (such as images, videos!)