[sip-comm-dev] GSoC 09 - Off the Record Messaging - Firm Pencils Down Update


#1

Hello all,

This summer has been fruitful, fun, challenging and occasionally
stressful (no pain, no gain!). It was like.. great!

The aim of this project was to add the possibility for SIP
Communicator users to initiate secure and authenticated private
conversations with perfect forward secrecy and deniability using the
Off-the-Record Messaging protocol
(http://www.cypherpunks.ca/otr/index.php).

With the help of my mentors, this functionality is implemented in the
GSoC 09' OTR branch
(https://sip-communicator.dev.java.net/svn/sip-communicator/branches/gsoc09/otr).

What follows is an overview of what has been done, which resembles the
current status of the project. You can compare this list with the
official project requirements list
(http://www.sip-communicator.org/index.php/GSOC2009/OTR).

First term:

  1. Select a java lib that handles encryption
  
    There was no otr java library available so a new one had to be
created from scratch. For a detailed overview of what had to be done
please refer to my blog here:


    
    The resulting library is otr4j, it hosted on Google Code
(http://code.google.com/p/otr4j/) and it is licenced under the LGPL.

  2. Create a transformation operation set
  3. Implement support for the transformation set in all protocols
  4. Implement an OTR encryption bundle prototype/proof of concept that
encrypts all conversations

Second term:

  Second term involved GUI, for that reason I have created a Picasa Web
Album (http://picasaweb.google.com/Geekius.Caesar/OTRPluginUI) to make
it easy to have a quick overview of what has been implemented.

  1. Make the OTR plugin register an encryption button in the tool and
menu bars of the chat window
  
    Toolbar Button:
http://picasaweb.google.com/Geekius.Caesar/OTRPluginUI#5370203249836916818
    Menubar item:
http://picasaweb.google.com/Geekius.Caesar/OTRPluginUI#5370203258558069378
    
  2. The above mentioned button should indicate the status (locked or
not) of the current chat
  3. The above mentioned button should also contain (at least) the
following options

    1. Start an encrypted chat
    2. End encrypted chat
    3. Authenticate/Verify contact:
http://picasaweb.google.com/Geekius.Caesar/OTRPluginUI#5370203249786047458
    4. Auto encrypt every session with this contact (Essentially this
means per contact OTR policy)
    5. Help/ What is this (open a browser to the OTR home page)

  4. Implement support for clients that do not have OTR (Implemented,
there are some known issues to be fixed)
  5. Add support for incoming fragmented messages (Not yet, working on it)
  6. Configuration interface that allows generating and displaying our
own key as well as managing other people’s keys:
http://picasaweb.google.com/Geekius.Caesar/OTRPluginUI#5370713614898943698
  7. JUnit tests that run with every protocol (Not yet, expect some
unit tests next weeks)

Future:

  I will at least be maintaining the SIP Communicator OTR plugin and
improve otr4j. SIP Communicator is a great project and it has a great
community, I look forward to continue working with all of you :slight_smile:

kind regards,
George

···

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net