Bug 55562 - PGP plugin not following JEP-0027 for Jabber msg (jabber:x:encrypted)
Summary: PGP plugin not following JEP-0027 for Jabber msg (jabber:x:encrypted)
Status: RESOLVED FIXED
Alias: None
Product: kopete
Classification: Unmaintained
Component: Cryptography Plugin (other bugs)
Version First Reported In: 0.6.1a
Platform: openSUSE Linux
: NOR normal
Target Milestone: ---
Assignee: Kopete Developers
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2003-03-05 16:16 UTC by ktom
Modified: 2003-08-15 11:35 UTC (History)
0 users

See Also:
Latest Commit:
Version Fixed/Implemented In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description ktom 2003-03-05 16:16:27 UTC 
Version:           0.6.1a (using KDE KDE 3.1)
Installed from:    SuSE RPMs
OS:          Linux

Encrypted jabber messages do not follow JEP-0027 <http://www.jabber.org/jeps/jep-0027.html>. JEP-0027 defines PGP encrypted (and signed) Jabber messages. Encrypted messages cannot be exchanged with non-Kopete users.

- ktom
Comment 1 Olivier Goffart 2003-03-05 16:41:11 UTC 
The PGP plugin is a kopete general plugin, not only a jabber one. 
That mean, jabber is the only one protocol i know which has the possibility to send 
encrypted message. 
It would be hard to do this.  
 
however, i already talked with Till about this features. We was thinking about a 
KopeteMessage::encrypted  format, similar to the plainText one, and handled only 
by the PGP plugin, and jabber
Comment 2 Jason Keirstead 2003-03-05 16:54:14 UTC 
> That mean, jabber is the only one protocol i know which has the 
> possibility to send  encrypted message.  
 
This isn't really true.. Licq , Sim-ICQ, and some other ICQs can 
exchange secure data using SSL. Also, Trillian clients can connect to 
each other using SSL. Not sure if either is compatable with eachother 
though.
Comment 3 ktom 2003-03-05 16:59:51 UTC 
I do not trust the server, so I want the message and not the transport to be secured.
Comment 4 Martijn Klingens 2003-03-05 17:01:43 UTC 
Subject: Re: [Kopete-devel]  PGP plugin not following JEP-0027 for Jabber msg (jabber:x:encrypted)

On Wednesday 05 March 2003 16:54, Jason Keirstead wrote:
> This isn't really true.. Licq , Sim-ICQ, and some other ICQs can 
> exchange secure data using SSL. Also, Trillian clients can connect to 
> each other using SSL. Not sure if either is compatable with eachother 
> though.

SSL-encrypted messages are host-to-host encrypted, but NOT person-to-person. 
I.e., I could enable SSL without knowing your passphrase. This really isn't 
the same thing.
Comment 5 Jason Keirstead 2003-03-05 17:10:37 UTC 
>I do not trust the server, so I want the message and not the transport to 
>be secured.  
 
It has nothing to do with the server. The clients are directly connected 
via SSL. The server is not involved. It only works for direct connections. 
 
>SSL-encrypted messages are host-to-host encrypted, but NOT 
>person-to-person.  I.e., I could enable SSL without knowing your 
>passphrase. This really isn't  the same thing.  
 
No, it's simpler :)
Comment 6 ktom 2003-03-05 17:25:57 UTC 
A solution for Jabber and GPG would be much appreciated. I cannot help coding, but would 
serve as tester.
Comment 7 Martijn Klingens 2003-03-05 17:36:53 UTC 
Subject: Re: [Kopete-devel]  PGP plugin not following JEP-0027 for Jabber msg (jabber:x:encrypted)

On Wednesday 05 March 2003 17:10, Jason Keirstead wrote:
> >SSL-encrypted messages are host-to-host encrypted, but NOT 
> >person-to-person.  I.e., I could enable SSL without knowing your 
> >passphrase. This really isn't  the same thing.  
>  
> No, it's simpler :)

Does it require firewall changes to work? Our current encryption framework is 
generic and works whenever non-encrypted communication works too.

The encryption that SSL offers itself is fairly secure, so in that respect it 
should be about the same. There's no possibility to sign messages to prove 
you're indeed the author of a message though, but in its current form our 
plugin doesn't have that ability either.
Comment 8 Jason Keirstead 2003-03-05 17:50:34 UTC 
I think you guys are mis-interperting the purpose of what I am saying. I 
am not trying to say "SSL IS DA BOMB, SSL RULEZ GPG YUZ SUCK!", I 
am just saying that if all these clients already support SSL encryption 
and it is widely used (on both windows and Unix) , it is something to 
look at supporting as well. 
 
Also, I can't see it needing any firewall changes other than what is 
already needed for direct IM with ICQ.
Comment 9 Olivier Goffart 2003-03-05 19:11:11 UTC 
Subject: Re: [Kopete-devel]  PGP plugin not following JEP-0027 for Jabber msg (jabber:x:encrypted)

I am saying that PGP sucks for IM system.

PGP grow the size of messages and take a lot of mor CPU time than SSL

AFAIK, SSL use sessions key, which are verry more usefull for instant 
messaging, and verry more performent.

</end>

I am however writing the PGP plugin because:
1- it is fun
2- i want to use my right to use secure way to comunicate
3- MSN (for exemple) doesn't have SSL support include in the protocol
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+ZjsVz58lY8jWrL0RAjrqAJsHgx6FaFQM0GlrbxPeLMLGdolU1wCdHd49
2Yy/qAZEfbnH/FTUbj+dpnk=
=VJCa
-----END PGP SIGNATURE-----
Comment 10 ktom 2003-03-06 13:23:25 UTC 
Thanks Oliver for your commitment to PGP for Jabber. Much appreciated. 
 
We still can discuss offline whether SSL or PGP is best suited for the task...
Comment 11 Till Gerken 2003-03-06 21:24:18 UTC 
PGP is definitely best suited for the task in case of Jabber because Jabber defines it 
as a standard way to exchange encrypted messages. Many other clients support it, 
so our users expect us to do so as well.
Comment 12 Till Gerken 2003-07-25 22:54:42 UTC 
Fixed in CVS HEAD as of 5 minutes ago. Will be included in 0.7.
Comment 13 ktom 2003-08-15 11:35:34 UTC 
Thanks for fixing and kudos for kopete 0.7.1, which is great!