Icq
Konrad Podloucky
konrad@crunchy-frog.org
Sun Nov 10 13:15:01 2002
--=-lg4JadSDZAaNIHiEgL4M
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
On Sun, 2002-11-10 at 05:06, Lionel Elie Mamane wrote:
> On Sat, Nov 09, 2002 at 06:20:01PM -0500, David Shaw wrote:
>=20
> > Note that the "gabber" Jabber client uses GnuPG for encryption. I
> > don't use it myself, but I have heard it is quite nice.
>=20
> Yes, indeed, it works quite well, except it will silently fail if your
> key is expired or such, and send empty messages to your
> correspondent. Confusing at first :)
>=20
Yep, and unfortunately Gabber's GPG interface stopped working with gpg >
1.0.7 IIRC. Julian (the project manager) didn't want to fix it, because
he didn't want to mess with it just before a 1.0 release. As you said
they wanted to switch to gpgme eventually and use Jabber's encryption
standard.
> Please note that the way it does it looks open to man in the middle
> attacks to me. I never checked entirely, but from its stderr output it
> looks it encrypts the messages to whatever key has signed the presence
> it received.
>=20
Yup. The GPG implementation is far from perfect (at least it was that
way, when I still had time to work on Gabber). However if you know how
to use it, it's a nice feature ;o)
> Oh, and I never had it working with a passphrase on the key. So I use
> it with short-lived keys I use only for that.
>=20
That actually did work. At least with gpg versions up to 1.0.6
[...]
Cheers,
Konrad
--=20
"All this marching up and down and cheering and waving flags is=20
simply sex gone sour."
--George Orwell, "Nineteen Eighty-Four"
--=-lg4JadSDZAaNIHiEgL4M
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
iD8DBQA9zk4/bMSf/LrLCGcRAjtQAJ9aGdRxYmkR8wgzNZwv7aaYBKpXrQCeJU9Z
V4JcoLVdr+IEyYx836xQNzY=
=zSCc
-----END PGP SIGNATURE-----
--=-lg4JadSDZAaNIHiEgL4M--