jappix
OTR Support
Hello, why is it not in the TODO list anymore ? I think it was a great improvement for jappix. Is there an alternative technology you want to use to achieve P2P cryptography ?
I agree with dolanor; OTR would be very useful indeed. There's a project called Converse.JS which provides an already functional example of OTR in browser, implemented in JavaScript.
Will jappix employ mpOTR for MUC? Xmpp Texting without end2end encryption is of little value.
I agree with Off-the-record (OTR) encrypted messaging in jappix, at least in private single-user conversations, implementation wich exist for binary clients, and is well known. mpOTR for MUC or OTR for multi-user chats doesn't exist neither for regular clients, and is now feauture cryptocat still trying to implement in its client. XEP-0188: Cryptographic Design of Encrypted Sessions ..conceptual model for the approach specified in this document was inspired by "off-the-record" (OTR) communication.. recently has been implementented in converse.js and jsxc trough otr.js. What I like of jappix first is its lightness, especially in the mini version, and the painless configuration of sasl anoymous login and server generated JID without a password, both other two competitors seems can't manage this very well, and the possibilty to query another user immediatly at login. Don't even have to clic, on page load conversation start. The opporunity to start an encrypted end to end conversation jappix network servers, that often offers sasl-anonymous well configurated on server side, should be a very useful and appreciated thing indeed with this light client. Thank You for you effort.
Considering implementing OMEMO rather, as it is more XMPP-ish + enables multi-device message synchronization.
See: http://conversations.im/omemo/
I use Signal a lot, and I think Axolotl is a great idea. Totally for using this on top of xmpp. And the multi device is a real issue. Great that it tackles with it.
There is no omemo javascript implementation at this time, omemo aim to securely identify devices to obtain multi end point delivery.
The "issue" here is end to end encryption, which has some limitation in offline delivery.
Axolotl aims to solve offline delivery but not in the js implementation at the moment, through history syncronization (in regular clients not in a browser window).
So, here I hoped to get at least some kind of "old" e2e encryption that didn't come.
Now what are you promising? offline encrypted messages? or multi end points? that doesn't exist neither in binary clients (ok offline can be achieved through PGP as usual but not through OTR implementation loosing perfect forward secrecy and deniability), history sync is server dependant and many servers don't store offline messages for security purpose.
I really hope you stick with e2e encryption and eventually the possibility to decrypt offline messages sent with jappix and recieved in a regular client. (do you really want to solve an offline e2e encrypted message recieved by a js client offering perfect forward secrecy and deniabilty? in javascript?)
but for now no encryption.
sorry.
@valeriansaliou
Considering implementing OMEMO
Yes, I would greatly appreciate this over mpOTR and OTR.
After almost 2 years... any news on OMEMO? See also: https://omemo.top/ more and more clients add it...
