[sip-comm-dev] Implementation of the OTR feature - a test report


#1

Hi all,

to see how the work is ongoing for the OTR feature I did some
tests. After all I'm quite satisfied with the results.

I took the project requirements page at

<http://www.sip-communicator.org/index.php/GSOC2009/OTR>

as a guideline for my tests.

My test setup is as follows:

- openfire as a local Jabber server, configured not to use SSL/TLS
  (thanks George for the hint)

- pidgin with OTR plugin as the other IM client

- a complete SC build from the GSoC09/OTR branch (did an SVN update
  yesterday evening, now at rev 5782)

- running wireshark to monitor the messages on "the wire"

All tests were done running Linux (openSuse 11.1) and
Java 6 (build 1.6.0_13-b03), 64-bit system

Tests done so far:

- During the tests I could start a private (encrypted) session from
  both clients and I could also stop it.

- The SC client starts with private session if the OTR configuration
  enables this (default setting)

- The menu entries to start/stop/authenticate/restart the private
  session are available and working.

- The help functions work, displaying a help page

- The verification of the message using wireshark shows that no plain
  text is sent, always encrypted for a private chat.

- An interface that shows the own key and the foreign key to
  authenticate is available and working. Storing of authenticated keys
  needs to be done (IMHO also pidgin misses this feature, at least
  I didn't see an option to store the authentication info)

Open issues (maybe this could be a mis-configuration of OTR in SC):

- when stopping a private chat then SC sends plain data to
  pidgin, as expected. If pidgin sends plain data then SC receives the
  plain data but then immediately re-starts the private session
  mode. This is somewhat irritating, but it is a minor problem.

- The locked/unlocked (encrypted/not-encrypted) indicator in the chat
  window seems to be wrong (need to re-check because the automatic
  restart of private session, see above)

Not tested so far:
- fragmented messages

First conclusion with respect to the GSoC OTR project requirements
(refer to linked project page):

First term:

topics 1 - 4 are ok (however, I tested one protocol only)

Second term:

topic 1: ok
topic 2: ok (re-check for correct display)
topic 3: ok, this includes the subtopics
         (available as menu items, need to check the button right-click)
topic 4: ok, help messages are shown, not yet tested in every detail
topic 5: not yet tested (how to generate fragmented messages?)
topic 6: partly ok, storage of authenticated keys yet open, where to store?
topic 7: ok, as far as otr4j library is concerned

Note regarding topic 6: IMHO this topic should be regarded as OK,
storage of keys should be addressed in a more generic way in SC (ZRTP
may re-use this as well to store some ZRTP specific info for contacts).

Hope this report gives you some good vibrations about the OTR feature :-).

Regards,
Werner


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net
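
Added example (not part of the thread and not code from the SC or otr4j projects): a script for the kind of wire check described in the report above. It labels each captured message body by its OTR wire prefix, lists any body that crossed in the clear, and goes one step further by reassembling OTR v2 fragments ("?OTR,k,n,piece,"), the case the report lists as not yet tested. The stanzas are constructed samples and the function names are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed stanzas, not a real capture; the base64 payloads are dummy bytes.
CAPTURE = [
    "<message type='chat'><body>?OTRv2?</body></message>",
    "<message type='chat'><body>?OTR:AAIDAAAAAQ==.</body></message>",
    "<message type='chat'><body>?OTR,1,2,?OTR:AAID,</body></message>",
    "<message type='chat'><body>?OTR,2,2,AAAAAQ==.,</body></message>",
    "<message type='chat'><body>hello in the clear</body></message>",
]
# OTR v2 fragment: "?OTR,k,n,piece," (piece k of n)
FRAGMENT = re.compile(r"^\?OTR,(\d+),(\d+),(.*),$", re.S)

def classify(body):
    # Label one <body> by its OTR wire prefix; anything else is plaintext.
    if FRAGMENT.match(body):
        return "fragment"
    if body.startswith("?OTR:") and body.endswith("."):
        return "encoded"
    if body.startswith(("?OTR?", "?OTRv")):
        return "query"
    return "plaintext"

def reassemble(bodies):
    """Join in-order fragments; an out-of-order piece discards the partial."""
    done, parts, expect, total = [], [], 0, 0
    for body in bodies:
        m = FRAGMENT.match(body)
        if not m:
            continue
        k, n, piece = int(m.group(1)), int(m.group(2)), m.group(3)
        if k == 1:
            parts, expect, total = [piece], 2, n
        elif parts and k == expect and n == total:
            parts.append(piece)
            expect += 1
        else:
            parts, expect, total = [], 0, 0
            continue
        if k == total:
            done.append("".join(parts))
            parts, expect, total = [], 0, 0
    return done

def audit(capture):
    """Return (kinds, reassembled messages, bodies sent in the clear)."""
    bodies = [ET.fromstring(s).findtext("body") or "" for s in capture]
    kinds = [classify(b) for b in bodies]
    leaks = [b for b, k in zip(bodies, kinds) if k == "plaintext"]
    return kinds, reassemble(bodies), leaks
```

During a private session the third result of audit() should be empty; a non-empty list after the session was started is the plain-text leak the wireshark check looks for.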


#2

Hello all,

Werner, thank you for testing the OTR branch!

> - An interface that shows the own key and the foreign key to
> authenticate is available and working. Storing of authenticated keys
> needs to be done (IMHO also pidgin misses this feature, at least
> I didn't see an option to store the authentication info)

In Pidgin the UI is under Tools>Plugins>Off the Record Messaging>Configure Plugin

Based on that dialog I built the Configuration Pane
(http://picasaweb.google.com/Geekius.Caesar/OTRPluginUI#5370203254108581922)

> topic 4: ok, help messages are shown, not yet tested in every detail

The URL that is launched is located in
resources/languages/resources.properties, it is configured as an
internationalized string, so it is easy to change the page for each
language.

> topic 5: not yet tested (how to generate fragmented messages?)

Not implemented yet.

> topic 6: partly ok, storage of authenticated keys yet open, where to store?

Working on providing basic functionality based on the Pidgin GUI. I plan to
store private keys and fingerprints in SC configuration. Hopefully this will
be done by Monday :-)

kind regards,
George


#3

> - when stopping a private chat then SC sends plain data to
> pidgin, as expected. If pidgin sends plain data then SC receives the
> plain data but then immediately re-starts the private session
> mode. This is somewhat irritating, but it is a minor problem.
>
> - The locked/unlocked (encrypted/not-encrypted) indicator in the chat
> window seems to be wrong (need to re-check because the automatic
> restart of private session, see above)

Regarding this issue, have you tried to uncheck "Automatically
initiate private messaging" in the contact right click menu
(http://picasaweb.google.com/Geekius.Caesar/OTRPluginUI#5370203257652903570)
or in the global policy options dialog
(http://picasaweb.google.com/Geekius.Caesar/OTRPluginUI#5370713614898943698)?

P.S. I think only the global policy options are available in the
revision you tested against.
