OTR Injectable Application & Implement a Chat Injectable Application
40 views
Skip to first unread message
santhosh sai
Apr 17, 2013, 11:23:44 AM4/17/13
to pri...@googlegroups.com
hello Everyone,
I am in my final year at Indian Institute of Technology Bhubaneswar, Im interested in "Implement an OTR Injectable Application" & "Implement a Chat Injectable Application"
@Sean McGregor Can you give a clear difference between OTR Injectable Application & Implement a Chat Injectable Application in terms of specifications and implementation.Also can you invite me to the development server.
Sean McGregor
Apr 17, 2013, 4:56:13 PM4/17/13
to pri...@googlegroups.com
Hello Santhosh,
Welcome!
OTR versus cleartext chatting is actually a discussion I wanted to get started.
The choice is really between robust functionality and strong security.
A cleartext chat injectable application sets the security requirements
fairly low since it could be an IRC web client that is viewed in the
context of the host page. It promises much less in terms of security
and privacy, but it is highly functional.
The OTR injectable application will offer a lot more in terms of
security and privacy since the conversation is end-to-end encrypted.
However, for OTR+Privly to fulfill its potential it has to maintain
the security properties of OTR. For example, you should completely
understand CryptoCat's threat model [1] and know how building
CryptoCat on Privly may affect the score.
Particularly challenging in the case of Privly is that the chat
session will be tied to the URL found in the context of the host page.
If the URL contains the session identifier, then the host page may
mount an "Unwanted User Attack." One way to circumvent the attack
would be to push an encrypted identifier to a remote server, but this
idea must be thoroughly examined.
-Sean
[1] https://github.com/cryptocat/cryptocat/wiki/Threat-Model
> --
> You received this message because you are subscribed to the Privly
> development mailing list. To post to this list, send email to
> pri...@googlegroups.com. To unsubscribe from this group, send email to
> privly+un...@googlegroups.com. For more options, visit this group at
> https://groups.google.com/d/forum/privly?hl=en
>
> Privly testers should also sign up for this list:
> https://groups.google.com/forum/#!forum/privly-test
> ---
> You received this message because you are subscribed to the Google Groups
> "privly" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to privly+un...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
--
Sean McGregor
Oregon State University, Department of Computer Science
Twitter: seanmcgregor
irc.freenode.net: smcgregor
Welcome!
OTR versus cleartext chatting is actually a discussion I wanted to get started.
The choice is really between robust functionality and strong security.
A cleartext chat injectable application sets the security requirements
fairly low since it could be an IRC web client that is viewed in the
context of the host page. It promises much less in terms of security
and privacy, but it is highly functional.
The OTR injectable application will offer a lot more in terms of
security and privacy since the conversation is end-to-end encrypted.
However, for OTR+Privly to fulfill its potential it has to maintain
the security properties of OTR. For example, you should completely
understand CryptoCat's threat model [1] and know how building
CryptoCat on Privly may affect the score.
Particularly challenging in the case of Privly is that the chat
session will be tied to the URL found in the context of the host page.
If the URL contains the session identifier, then the host page may
mount an "Unwanted User Attack." One way to circumvent the attack
would be to push an encrypted identifier to a remote server, but this
idea must be thoroughly examined.
-Sean
[1] https://github.com/cryptocat/cryptocat/wiki/Threat-Model
> You received this message because you are subscribed to the Privly
> development mailing list. To post to this list, send email to
> pri...@googlegroups.com. To unsubscribe from this group, send email to
> privly+un...@googlegroups.com. For more options, visit this group at
> https://groups.google.com/d/forum/privly?hl=en
>
> Privly testers should also sign up for this list:
> https://groups.google.com/forum/#!forum/privly-test
> ---
> You received this message because you are subscribed to the Google Groups
> "privly" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to privly+un...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
--
Sean McGregor
Oregon State University, Department of Computer Science
Twitter: seanmcgregor
irc.freenode.net: smcgregor
Reply all
Reply to author
Forward
0 new messages