[Telepathy] Encryption and OTR
Xavier Claessens
xclaesse at gmail.com
Thu May 6 23:29:29 PDT 2010
TLS/SSL will encrypt your messages from you to gtalk server. But gtalk
server will decrypt it to send to your destination contact (and
eventually re-encrypt). That means that Google can read your conversations.
OTR is a p2p encryption, so only the end destination can decrypt the
message, any people between you and your contact will only see encrypted
data. In that case Google won't be able to read what you say.
So IMO the question is: "do you trust your server", if not you should
use OTR, otherwise TLS/SSL is enough. tbh if you don't trust your sever,
you already lost...
Xavier Claessens.
Le 07/05/10 07:06, Reşat SABIQ a écrit :
> Hi,
>
> I would appreciate any clarifications with regards to encrypted
> communication, in particular when using gtalk.
> Specifically, here it says
> A. OTR is currently not supported:
> http://live.gnome.org/Empathy/FAQ#Will_Empathy_have_OTR_.28.22Off_The_Record.22.29_support.3F
>
> But at the same time, for gtalk, there is a checkbox under account
> setting, Advanced:
> Encryption required (TLS/SSL)
>
> The latter suggests to me that
> B. when Encryption required (TLS/SSL) checkbox is selected, gtalk
> correspondence will be encrypted.
>
> Are both statements, A. and B., true? If so, what extra benefit will
> future support for A. bring? If B. is true, it appears that it would
> just eliminate logging when in OTR, but that can't be it, because that
> can be done w/o protocol modifications.
>
> Thanks.
> _______________________________________________
> telepathy mailing list
> telepathy at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/telepathy
More information about the telepathy
mailing list