Image of the glider from the Game of Life by John Conway
Skip to content
{ 2007 02 21 }

Setting The Standards Bar

One of the things that I hate about instant messaging clients is the lack of adherence to standards. In fact, the specification that I think should be adhered to the most, isn't. I've blogged about this before, so I apologize to the planets that I am syndicated to in advance for duplicating content. However, due to the recent poll about which IM client you use, I've setup another.

In the last poll, the top 5 Linux clients that are currently in operation are, as a result of my poll, in order from most used to least:

  1. Gaim
  2. Kopete
  3. Gajim
  4. Gossip
  5. aMSN

I look at those clients, and recognize that there isn't a single standard between any two of them for encrypting your messages. There are just too many options:

  • gaim-encryption: Only works with Gaim, or clients implementing the Gaim code.
  • otr: a good alternative, working with Gaim, Adium for Mac and Trillian for Windows, but not available for other clients.
  • otr-proxy: probably a better alternative than it's parent, allowing any IM client that can utilize a proxy access. However, at the moment, it only works for AIM and ICQ protocols, alienating many users.
  • GnuPG: In my opinion, the best alternative using your personal GnuPG keypair, but, only implemented in Gajim and Psi.

I'm sure there are other options, but I think the point is made. I should be able to choose any IM client, and encrypt my traffic with a standard spec that is implemented across the table, regardless of which client my friends choose.

As mentioned, I personally favor using my private and public GnuPG keypair. To me, that just makes sense. Why keep track of two keys, one for IM, and the other for everything else? But, I would be willing to see otr or otr-proxy as the standard as well. The point is just setting the standard, then implementing it across clients.

As such, here is another poll. Should an encryption standard be set, regardless of IM client or protocol, given the information that I outlined here?

I should mention that I use Jabber as my means of IM communication. Jabber, by default, implements SSL/TLS. So, my traffic is already incrypted on the wire with my friends. However, can I trust that the Jabber server I or my friends connect to are not decrypting and logging the chat sessions? Something to think about.

Should there be a starndard encryption process among IM clients?
View Results
Posted by Aaron Toponce on Wednesday, February 21, 2007, at 7:41 am. Filed under Gaim, Jabber, Linux, Security. Follow any responses to this post with its comments RSS feed. You can post a comment or trackback from your blog. For IM, Email or Microblogs, here is the Shortlink.

{ 14 } Comments