Feature request: Off-the-record plugin

Asked by fi-dschi on 2008-01-03

Hello,
Is this the right place to submit feature requests? To tell you the truth, for me your several web pages (thecoccinella.org, sourceforge, launchpad) cause some confusion. So please tell me if something is wrong with posting here.

I think it would be of great value if Coccinella could talk end-to-end-encrypted.
As for now afaik, there is only client-server encryption, is that right?
So it would be great if you could could e.g. make use of the OTR-library used by gaim and others available at:
http://www.cypherpunks.ca/otr/

Regards,
fi-dschi

Question information

Language:
English Edit question
Status:
Solved
For:
Coccinella Edit question
Assignee:
No assignee Edit question
Solved by:
sander
Solved:
2008-01-03
Last query:
2008-01-03
Last reply:
2008-01-03
Best sander (s-devrieze) said : #1

You're close. Feature requests should be posted under the Bugs section on Launchpad (here). So, please repost your feature wish over there.

OTR is not secure enough IMO:
http://blog.bepointbe.be/index.php/2007/03/29/20-mod_otr

This man in the middle attack is a big problem for Coccinella's target group (grandmothers etc): they will think they are secure, but in fact there may be a man in the middle attack. Besides all this, I think it is better to wait until the XSF has created a better and mature end-to-end encryption solution which is standardized.

sander (s-devrieze) said : #2

Other comment:
* sourceforge: used for development repository and downloads of the official Coccinella releases (they have good and reliable mirrors around the world!)--> if the Coccinella main website is down for whatever reason, people still will be able to download Coccinella
* thecoccinella.org/coccinella.im --> both domains are registered at a different registrar which are also different from our hosting provider; in case of DNS issues, the website will still be reachable via the other domain
* Launchpad --> much better tools than sourceforge

Main advantages for this spreaded use of different services:
* We can use the best tools of each service
* If one of the services we use has problems, not the whole Coccinella project is affected

Any suggestion how we can reduce the confusion which is the main disadvantage of our risk distribution strategy?

Thank you for your quick answer. I believe you know much more about jabber and XSF than I do, so I will simply be patient and wait for that XSF standard.
If something of this kind is to be created implementing the existing otr would be too much of an effort, although I still am of the opinion that OTR would ensure enough of security for users like me who would at least exchange keys over a different network than jabber, e.g. email. But I am much more concerned about what the server provider is using my data for than any bad man in the middle, for whom the interest in me should be fairly small. And a server provider won't try to decrypt as long as the masses of users don't use encryption.

Regards,
fi-dschi

Thanks sander, that solved my question.

About the confusion with your websites:

You could include the information you just gave me in your home pages so everybody who has anything to say about coccinella will see at one glance where he is supposed to go.

How about the forum on the website? What is this for? There is also a forum on sourceforge. And one can submit feature requests there...

I think this is necessary as there might be many users who would like to tell you something but they don't find the right place and decide against a submission very fast. Another disadvantage of your strategy: The users need several accounts to be able to use the different platforms. If coccinella wasn't that promising in my eyes i would not even have created an lauinchpad account, which is really very easy and no threat to privacy at all.

fi-dschi

sander (s-devrieze) said : #6

> You could include the information you just gave me in your home pages so
> everybody who has anything to say about coccinella will see at one
> glance where he is supposed to go.

I made the Development page at the website more clear.

> How about the forum on the website? What is this for?

For all kind of interaction with users of Coccinella.

> I think this is necessary as there might be many users who would like to
> tell you something but they don't find the right place and decide
> against a submission very fast. Another disadvantage of your strategy:
> The users need several accounts to be able to use the different
> platforms. If coccinella wasn't that promising in my eyes i would not
> even have created an lauinchpad account, which is really very easy and
> no threat to privacy at all.

The advantage of not making it too easy is that we don't get too much
duplicate bug reports and feature requests. All these duplicates needs
to be closed and cost us time that we could better spend on other
things. Also, the quality of the reports in the tracker will be
higher. E.g. it happens some user reports a bug in the forum, but this
bug report is not clear and we need to ask the user for more details.
When we get these, we add the report to the bug tracker and the bug
tracker will be less polluted by poor bug reports with several
comments to get more details.