Gof's weblog Blog de Olivier Goffart

Long time ago (end of 2006) I developed a patch to use your webcam with the Kopete Jabber plugin. I used the MSN webcam code 'as it' and wrapped it into XMPP XML. ^[1]

Here is the patch against Kopete 0.12 (in KDE 3.5) for those who want it: http://bepointbe.be/files/jabber_webcam.diff

Anyway, it has several negative issue

• This is not a XMPP standard, so it only work with person who have applied the same patch.
• It would be difficult for other client to include it (It was easy in Kopete because Kopete has an MSN implementation).
• Because of that I do not plan to include it in any official release.
• It doesn't use jingle, this is totally unrelated.

The only positive issue of this protocol is that it would be easy to implement it in the MSN gateway. But this has no real interest since only Kopete support it, and Kopete support MSN natively

It could also make happy linuxers that want to use their webcam without using the evil MSN. But they could also use other free conferencing software such as Ekiga.

One year ago, I developed a module for ejabberd to archive messages : mod_archive. Few time later, I also had developed an online reader in PHP that I never published. So I publish it now as it may interest people: it's located there : http://bepointbe.be/jabwebhist/

It use one old version of the XEP-0136, and is compatible with my version of mod_archive(version 0.0.4). ^[1]

It's a very basic implementation, but it could help someone who want to develop one better implementation.

Why is server archive important?

You probably already know why messages archives (also called logs) are usefull. To remember the URL/phone number/password/sample code/or whatever someone sent you over IM. Or simply to remember the last conversation with a contact. Most clients include a logging feature.

But what if I connect with several client, from different places (home, school, in friends, ...), or with webclient or mobile client? Logs are not always saved, or disparate.

That's the point of server archive. Every message you receive or send is saved on your jabber server, by your server. No matter which client you do use, or your location. And log may be available from every places.

In the jabber world, almost every connection between different entities (clients and servers) are encrypted using TLS. But some people claim that it's not enough, because the server can still read the messages. The solution, for paranoic people that can't trust their server, is to use end to end (e2e) encryption, such as OTR.

OTR (for Off The Record messaging) is a protocol that make the e2e encryption easy. But it is vulnerable to the man in the middle attack, specially because the server can read and modify all messages. To prevent against this attack, user must check carefully the peer's fingerprint using another media, but honestly, who does that ?

Recently, Michael Zanetti announced he was working on an implementation of OTR for Kopete.
I have now a working implementation of OTR on the hand. And I decided to break it

That's why I wrote mod_otr . It is a module for ejabberd, which do the man in the middle attack at server level. It will intercept message and decrypt them. It can be used in combination with the mod_logmnesia module which log all messages.

The problem I have with e2e encryption is that it make impossible some other desirable feature such as automatic message history on the server. ^[1] All the proposals of an easy to use e2e encryption suffer from the same problem. The lambda user don't really care about privacy, so they will never check their fingerprints.

Download

The source code of mod_otr is there:
http://bepointbe.be/files/mod_otr-20070329.tar.gz

The instructions about how to install are in the README file