Reply to topic

Kopete: How can I verify that OTR is working?

User avatar psychonaut
Registered Member
Posts
11
Karma
1
OS
An ICQ chat buddy and I are both using Kopete. We decided we want to communicate securely, and heard that there's a plugin for this named OTR. So we both went to Settings -> Configure -> Plugins, enabled the OTR plugin, clicked the configuration button next to it, generated a fingerprint for our ICQ accounts, and left the "Default OTR Policy" radio button at "Opportunistic". We're now sending messages to each other, but everything looks exactly the same as before we did this. Shouldn't there be some visual indication that the messages are being sent securely? Or have we done something wrong? We note that if we go back to the OTR configuration dialog, the "Known Fingerprints" tab is empty. Shouldn't each of us see the other's ICQ ID in this tab?
User avatar bcooksley
Administrator
Posts
18586
Karma
83
OS
The only way to really verify if OTR is working would be to sniff the ICQ protocol on the wire and search for your messages.
As a test, you could try right clicking on your contact, and changing the specific OTR policy for them to "Always" which should force a key exchange.


System Settings and Device Actions KCM maintainer
Image
User avatar psychonaut
Registered Member
Posts
11
Karma
1
OS
bcooksley wrote:The only way to really verify if OTR is working would be to sniff the ICQ protocol on the wire and search for your messages.
That seems like a pretty poor design choice. Web browsers have had conspicuous visual indicators that an HTTP connection is encrypted for almost twenty years now. Everyone's been conditioned not to submit sensitive information over the web unless their browser shows the connection to be secure. Likewise all e-mail clients supporting encryption clearly mark encrypted messages as such, both at time of composition and receipt. But you're telling me that after setting up OTR in Kopete, the vast majority of users have absolutely no way of telling that it's even active? What's the point of setting up a secure channel if, without specialized tools and technical knowledge, there is no clue that your traffic is actually being routed through it?
User avatar bcooksley
Administrator
Posts
18586
Karma
83
OS
I'm not sure if there is a user interface signal - I have never used OTR before.

With regards to checking if it is enabled, try opening a chat and then select "Start OTR Session" from the "OTR Encryption" drop down at the top of the chat window. You'll likely need to do this at least once per contact you are going to use OTR with, if not for every time you communicate with them.


System Settings and Device Actions KCM maintainer
Image

 
Reply to topic

Bookmarks



Who is online

Registered users: 16777216, alake, Baidu [Spider], Bing [Bot], edmael, Exabot [Bot], garthecho, Google [Bot], Hans, joshaughnessy, koriun, Majestic-12 [Bot], north, raymondsarver, urgo, verbalshadow, Yahoo [Bot]