[Telepathy] Encryption and OTR

Xavier Claessens xclaesse at gmail.com
Thu May 6 23:29:29 PDT 2010


TLS/SSL will encrypt your messages from you to gtalk server. But gtalk 
server will decrypt it to send to your destination contact (and 
eventually re-encrypt). That means that Google can read your conversations.

OTR is a p2p encryption, so only the end destination can decrypt the 
message, any people between you and your contact will only see encrypted 
data. In that case Google won't be able to read what you say.

So IMO the question is: "do you trust your server", if not you should 
use OTR, otherwise TLS/SSL is enough. tbh if you don't trust your sever, 
you already lost...

Xavier Claessens.

Le 07/05/10 07:06, Reşat SABIQ a écrit :
> Hi,
>
> I would appreciate any clarifications with regards to encrypted
> communication, in particular when using gtalk.
> Specifically, here it says
> A. OTR is currently not supported:
> http://live.gnome.org/Empathy/FAQ#Will_Empathy_have_OTR_.28.22Off_The_Record.22.29_support.3F
>
> But at the same time, for gtalk, there is a checkbox under account
> setting, Advanced:
> Encryption required (TLS/SSL)
>
> The latter suggests to me that
> B. when Encryption required (TLS/SSL) checkbox is selected, gtalk
> correspondence will be encrypted.
>
> Are both statements, A. and B., true? If so, what extra benefit will
> future support for A. bring? If B. is true, it appears that it would
> just eliminate logging when in OTR, but that can't be it, because that
> can be done w/o protocol modifications.
>
> Thanks.
> _______________________________________________
> telepathy mailing list
> telepathy at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/telepathy


More information about the telepathy mailing list