Konrad Podloucky konrad@crunchy-frog.org
Sun Nov 10 13:15:01 2002

Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Sun, 2002-11-10 at 05:06, Lionel Elie Mamane wrote:
> On Sat, Nov 09, 2002 at 06:20:01PM -0500, David Shaw wrote:
> > Note that the "gabber" Jabber client uses GnuPG for encryption.  I
> > don't use it myself, but I have heard it is quite nice.
> Yes, indeed, it works quite well, except it will silently fail if your
> key is expired or such, and send empty messages to your
> correspondent. Confusing at first :)
Yep, and unfortunately Gabber's GPG interface stopped working with gpg >
1.0.7 IIRC. Julian (the project manager) didn't want to fix it, because
he didn't want to mess with it just before a 1.0 release. As you said
they wanted to switch to gpgme eventually and use Jabber's encryption

> Please note that the way it does it looks open to man in the middle
> attacks to me. I never checked entirely, but from its stderr output it
> looks it encrypts the messages to whatever key has signed the presence
> it received.
Yup. The GPG implementation is far from perfect (at least it was that
way, when I still had time to work on Gabber). However if you know how
to use it, it's a nice feature ;o)

> Oh, and I never had it working with a passphrase on the key. So I use
> it with short-lived keys I use only for that.
That actually did work. At least with gpg versions up to 1.0.6



"All this marching up and down and cheering and waving flags is=20
 simply sex gone sour."
                        --George Orwell, "Nineteen Eighty-Four"

Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

Version: GnuPG v1.2.0 (GNU/Linux)