One of the things that I hate about instant messaging clients is the lack of adherence to standards. In fact, the specification that I think should be adhered to the most, isn't. I've blogged about this before, so I apologize to the planets that I am syndicated to in advance for duplicating content. However, due to the recent poll about which IM client you use, I've setup another.
In the last poll, the top 5 Linux clients that are currently in operation are, as a result of my poll, in order from most used to least:
I look at those clients, and recognize that there isn't a single standard between any two of them for encrypting your messages. There are just too many options:
- gaim-encryption: Only works with Gaim, or clients implementing the Gaim code.
- otr: a good alternative, working with Gaim, Adium for Mac and Trillian for Windows, but not available for other clients.
- otr-proxy: probably a better alternative than it's parent, allowing any IM client that can utilize a proxy access. However, at the moment, it only works for AIM and ICQ protocols, alienating many users.
- GnuPG: In my opinion, the best alternative using your personal GnuPG keypair, but, only implemented in Gajim and Psi.
I'm sure there are other options, but I think the point is made. I should be able to choose any IM client, and encrypt my traffic with a standard spec that is implemented across the table, regardless of which client my friends choose.
As mentioned, I personally favor using my private and public GnuPG keypair. To me, that just makes sense. Why keep track of two keys, one for IM, and the other for everything else? But, I would be willing to see otr or otr-proxy as the standard as well. The point is just setting the standard, then implementing it across clients.
As such, here is another poll. Should an encryption standard be set, regardless of IM client or protocol, given the information that I outlined here?
I should mention that I use Jabber as my means of IM communication. Jabber, by default, implements SSL/TLS. So, my traffic is already incrypted on the wire with my friends. However, can I trust that the Jabber server I or my friends connect to are not decrypting and logging the chat sessions? Something to think about.