Off-the-Record Messaging Proxy
version 0.1.1, 19 Jan 2005

This is a localhost AIM proxy which implements Off-the-Record (OTR)
Messaging.  It allows you to use OTR with almost any IM client, on
Linux, OSX, Windows, and other platforms.

*** NOTE ***

This is a really early version of the proxy.  It has some known bugs,
and is missing many features.  If you use it, please be prepared to give
feedback to the otr-users mailing list.  You should certainly join that
list and the otr-announce list.  See "MAILING LISTS" below for more
information about the mailing lists.

OTR allows you to have private conversations over IM by providing:

 - Encryption
   - No one else can read your instant messages.
 - Authentication
   - You are assured the correspondent is who you think it is.
 - Deniability
   - The messages you send do _not_ have digital signatures that are
     checkable by a third party.  Anyone can forge messages after a
     conversation to make them look like they came from you.  However,
     _during_ a conversation, your correspondent is assured the messages
     he sees are authentic and unmodified.
 - Perfect forward secrecy
   - If you lose control of your private keys, no previous conversation
     is compromised.

For more information on Off-the-Record Messaging, see
http://www.cypherpunks.ca/otr/

COMPILING

To compile the OTR proxy, you'll need at least:

 - libgpg-error 1.0  [ftp://ftp.gnupg.org/gcrypt/libgpg-error/]
 - libgcrypt 1.2.0   [ftp://ftp.gnupg.org/gcrypt/libgcrypt/]
 - libotr 1.0.3      [http://www.cypherpunks.ca/otr/]

Then just "make".

USAGE

This is a localhost AIM proxy: you run it on your local computer, and
tell your AIM client to connect to it.

[Right now the proxy only supports the AIM protocol.  ICQ may also work.
Other protocols may come later.]

There are four common kinds of AIM proxies: SOCKS4, SOCKS5, HTTP, and
HTTPS.  This proxy supports SOCKS5, HTTPS, and HTTP.

[If some software really needs SOCKS4, we may add it.  Let the otr-users
list know if you have such software.]

** Special note for gaim users: gaim claims to support SOCKS4, SOCKS5,
   and HTTP proxies.  But what it calls an HTTP proxy is what everyone
   else calls an HTTPS proxy.

** Special note for iChat users: iChat has a bug which makes localhost
   proxies not work for SOCKS5 or HTTPS.  So you have to use HTTP.  The
   bug has been reported to Apple.

You need to find a proxy method that your AIM client and otrproxy have
in common.  SOCKS5 is best, if that's available in your client.  HTTPS
is second-best.

This early version of otrproxy has no user interface, except for
printing messages to stdout.  This means you need to run it in a
terminal window.  Just run "otrproxy".  It should tell you:

    Off-the-Record Messaging Proxy
    Copyright (C) 2004-2005  Nikita Borisov and Ian Goldberg
    Proxy version 0.1.1, using OTR library version 1.0.3
    This program is free software.  See the file COPYING for details.

    OTR Proxy starting.
    Starting HTTP/HTTPS proxy on port 8080
    Starting SOCKS5 proxy on port 1080

The proxy will store the private key and fingerprint storage files in
~/.otrproxy (on *nix and OSX) or in the current directory (on Windows).

Now you need to configure your AIM client to speak to the proxy.  We
can't tell you how to do this, since every client is different.  Set the
proxy host to either "localhost" or "127.0.0.1".  Set the port to 1080
(for the SOCKS5 proxy) or 8080 (for the HTTPS or HTTP proxies).  The
proxy does not currently require a username/password, but that may
change in a future version.

If your client requires you to use a proxy *already* (you're behind a
firewall or something like that), you're unfortunately out of luck at
this time.  :-(  In the future, otrproxy will be able to be configured
to chain to other proxies.

If your AIM account is currently logged in, you'll have to log out and
back in for the new proxy settings to take effect.

Now just start using AIM.  To start an OTR private conversation with
someone, type "?OTR?" (without the quotes, but with the question marks
and capital letters).  If the person you're talking to can also speak
OTR, you should see messages in the otrproxy window (the terminal window
in which you ran otrproxy) relating to generating a private key, and
starting a private connection.

Because there's currently no user interface, however, you won't be able
to stop communicating privately without killing the OTR proxy (which
will disconnect you from AIM).  Sorry.  :-(

Once again, if you use this proxy, you really should join the
otr-announce and otr-users mailing lists; more information on that is
below.

TODO

 - Add a User Interface with support for:
   - Seeing what secure conversations you're currently in
   - Stopping a particular secure conversation
   - Asking about an unknown fingerprint
   - Viewing the list of private keys
   - Creating new private keys
   - Viewing the list of known fingerprints
   - Deleting known fingerprints
 - username/password authentication to connect to the proxy
 - allow the use of *outgoing* proxies
 - SOCKS4 support?  Does anyone need this?

MAILING LISTS

There are three mailing lists pertaining to Off-the-Record Messaging:

otr-announce:
    http://lists.cypherpunks.ca/mailman/listinfo/otr-announce/
    *** All users of OTR software should join this. ***  It is used to
    announce new versions of OTR software, and other important
    information.

otr-users:
    http://lists.cypherpunks.ca/mailman/listinfo/otr-users/
    Discussion of usage issues related to OTR Messaging software.

otr-dev:
    http://lists.cypherpunks.ca/mailman/listinfo/otr-dev/
    Discussion of OTR Messaging software development.

LICENSE

The Off-the-Record Messaging Proxy is covered by the following (GPL)
license:

    Off-the-Record Messaging Proxy
    Copyright (C) 2004-2005  Nikita Borisov and Ian Goldberg

    This program is free software; you can redistribute it and/or modify
    it under the terms of version 2 of the GNU General Public License as
    published by the Free Software Foundation.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    There is a copy of the GNU General Public License in the COPYING
    file packaged with this plugin; if you cannot find it, write to the
    Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston,
    MA  02111-1307  USA

CONTACT

To report problems, comments, suggestions, patches, etc., you can email
the authors:

Nikita Borisov and Ian Goldberg

For more information on Off-the-Record Messaging, visit
http://www.cypherpunks.ca/otr/
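
Added example (not part of otrproxy or its original README), for the
USAGE steps above: a local check that something answers as a SOCKS5
proxy on the port otrproxy prints at startup, and which authentication
method it selects.  The function names and the use of Python are
assumptions of this example; the message bytes follow RFC 1928.

```python
import ipaddress
import socket

# Method codes from RFC 1928 (SOCKS5), section 3.
METHODS = {0x00: "no authentication", 0x02: "username/password",
           0xFF: "no acceptable method"}


def recv_exact(sock, n):
    """Read exactly n bytes, or fewer if the peer closes early."""
    data = b""
    while len(data) < n:
        chunk = sock.recv(n - len(data))
        if not chunk:
            break
        data += chunk
    return data


def probe_socks5(host="127.0.0.1", port=1080, timeout=3.0):
    """Return the auth method a local SOCKS5 listener selects.

    Only the two-byte method negotiation is performed; no CONNECT request
    is sent, so nothing is relayed to the IM server.
    """
    # The README says to point the client at localhost/127.0.0.1, so refuse
    # anything that does not resolve to a loopback address.
    addr = socket.gethostbyname(host)
    if not ipaddress.ip_address(addr).is_loopback:
        raise ValueError("%s is not a loopback address" % host)
    # Greeting: version 5, two methods offered (none, username/password).
    greeting = bytes([0x05, 0x02, 0x00, 0x02])
    with socket.create_connection((addr, port), timeout=timeout) as sock:
        sock.sendall(greeting)
        reply = recv_exact(sock, 2)
    if len(reply) != 2 or reply[0] != 0x05:
        raise ValueError("not a SOCKS5 reply: %r" % reply)
    return METHODS.get(reply[1], "method 0x%02x" % reply[1])


if __name__ == "__main__":
    try:
        print("SOCKS5 on port 1080 selected:", probe_socks5())
    except ConnectionRefusedError:
        print("nothing is listening on 127.0.0.1:1080; is otrproxy running?")
```

A proxy that requires no username/password should select "no
authentication" here; any process on the same machine can then use the
listener as well.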