encryption negotiation like pidgin-otr but for email

August 20, 2008

Dear LazyWeb,

I’ve recently been using pidgin-otr a lot and I have to say, I love it. The setup is straightforward, I’ve watched the XMPP as it goes and I feel pretty good that google can’t see my stuff. Yay.

However, it makes me want to have a similar feature for evolution or tbird. Something so I can say “send this person an email and confirm encrytped communication between us”

I did some searching and I found nothing.

Any thoughts?

Posted by skvidal
Filed in Uncategorized
11 Comments »

11 Responses to “encryption negotiation like pidgin-otr but for email”

  2. Thruhike98 Says:

    August 20, 2008 at 4:31 am

    Oh, when you write “OTR” you mean “Off the Record.”
    I went another direction with that acronym and wasn’t sure why one would want _that_ in an instant messenger. ;)

    Cool feature. Thanks for the tip.

    Reply
  3. Onkar Says:

    August 20, 2008 at 4:32 am

    Can you please explain is OTR for IM is different from GPG for email?

    Reply
  4. Jochen Says:

    August 20, 2008 at 5:51 am

    Yes, you might check GPG or S/MIME. I prefere S/MIME with a certificat from thawte.com. They have a good interface and their certificats are more accepted, but you can use whatever you want.

    You can find more infos here:
    http://en.wikipedia.org/wiki/S/MIME

    Reply
  6. greg Says:

    August 20, 2008 at 1:05 pm

    i think you guys are missing out on the ease of setup part of the question. almost anyone can install and use OTR, including non-techies. GPG is still a techie thing. Having to get a cert from thawte is still a techie thing. I agree w/ him completely, easily utilized encrypted e-mail would be amazing. But at this point in time, the techie factor practically kills the ability to use it with all your contacts.

    One of the big problems (and its the same problem as with IM) is synching your keys across multiple clients. Web clients would be an issue as well cause storing your private key on your provider’s server removes one of the reasons you want it encrypted.

    Reply
  7. Stephen Smoogen Says:

    August 20, 2008 at 4:28 pm

    Well one of the factors with OTR is that it doesn’t encrypt your local keys. Thats part of the ease of using it. It also does some stuff to see if your contact has OTR set up. So for email it would require the following:

    EMAIL 1: Albert to Betty email 1
    do you have OTR-EMAIL. Here is my public key.
    EMAIL 2: Betty to Albert
    yes, here is my public key
    EMAIL 3: Albert to Betty
    here is my OTR-EMAIL
    EMAIL 4: Betty to Albert
    here is my reply.

    Of course if the person does not have OTR, you are going to get things like this:

    EMAIL 5: Betty to Albert
    can you send me your key again.. I just reinstalled and cant ready your old email.

    EMAIL FROM VP JOE:
    WHY ARE YOU SPAMMING ME EVERYTIME YOU SEND ME EMAIL!#!#!#
    WHY THE FU do I need OTR crap? I just want to know the budget numbers

    EMAIL FROM SPAMMER:
    Do you want viagra!? And thanks for using OTR-EMAIL. Your spam software cant read it so I don’t have to use V 1 A g r 4 any more… oh by the way, I just sent your private key to my .ru site because its unencrypted and you are using Tbirt-OTR which had a buffer overflow.. you might want to fix that…

    Reply
  8. Peter Says:

    August 23, 2008 at 11:43 am

    I am using pgp for email all the time. It goes like this: A user sends me an email which is signed with his key, I review the key (basically ask him is this your key ?) and add it, then I can send an encrypted email because I have the public key and I can sign it with my key so he can have mine public key and also send me encrypted emails.
    It is very nicely integrated with evolution – you just select from the menu Security – encrypt with PGP / sign with PGP. Also seahorse is now part of the Gnome desktop (I think) and it allows very easy creation of your own key and management of other ppl public keys.

    Reply
  9. Recent Links Tagged With "otr" - JabberTags Says:

    December 28, 2008 at 9:04 am

    [...] will begin Saved by sadashiv on Thu 18-12-2008 OTR 8-11-08 Saved by satyatdr on Sun 14-12-2008 encryption negotiation like pidgin-otr but for email Saved by thiago701 on Sat 13-12-2008 7th Annual Allen Cognitive Symposium – Boston 2008 Saved by [...]

    Reply
  10. Bookmarks about Encryption Says:

    January 13, 2009 at 1:00 pm

    [...] – bookmarked by 1 members originally found by kapo1999 on 2008-12-16 encryption negotiation like pidgin-otr but for email http://skvidal.wordpress.com/2008/08/20/encryption-negotiation-like-pidgin-otr-but-for-email/ – [...]

    Reply
  11. sushiosoyum Says:

    February 2, 2009 at 4:03 am

    I love Pidgin+OTR! Sadly only 2 of my 40 or so contacts use OTR :( If you’d like to add me, AIM SN —> sushiosoyum. I also use GnuPG/Enigmail and my address is sushiosoyum[at]gmail[dot]com.

    Reply

Leave a Reply