removed reference to OTR from FAQ

This commit is contained in:
Daniel Gultsch 2018-03-12 16:37:19 +01:00
parent 22d98bd162
commit 10240ab2f9

View file

@ -39,7 +39,7 @@
## Features ## Features
* End-to-end encryption with [OMEMO](http://conversations.im/omemo/), [OTR](https://otr.cypherpunks.ca/), or [OpenPGP](http://openpgp.org/about/) * End-to-end encryption with [OMEMO](http://conversations.im/omemo/) or [OpenPGP](http://openpgp.org/about/)
* Send and receive images as well as other kind of files * Send and receive images as well as other kind of files
* Share your location via an external [plug-in](https://play.google.com/store/apps/details?id=eu.siacs.conversations.sharelocation&referrer=utm_source%3Dgithub) * Share your location via an external [plug-in](https://play.google.com/store/apps/details?id=eu.siacs.conversations.sharelocation&referrer=utm_source%3Dgithub)
* Indication when your contact has read your message * Indication when your contact has read your message
@ -290,9 +290,8 @@ I am available for hire. Contact me via XMPP: `inputmice@siacs.eu`
#### Why are there three end-to-end encryption methods and which one should I choose? #### Why are there three end-to-end encryption methods and which one should I choose?
* OTR is a legacy encryption method. It works out of the box with most contacts as long as they are online. * OMEMO works even when a contact is offline, and works with multiple devices. It also allows asynchronous file-transfer when the server has [HTTP File Upload](http://xmpp.org/extensions/xep-0363.html). However, OMEMO not widely support and is currently implemented only implemented [by a handful of clients](https://omemo.top).
* OMEMO works even when a contact is offline, and works with multiple devices. It also allows asynchronous file-transfer when the server has [HTTP File Upload](http://xmpp.org/extensions/xep-0363.html). However, OMEMO is not as widely supported as OTR and is currently implemented only by Conversations and Gajim. OMEMO should be preferred over OTR for contacts who use Conversations. * OpenPGP (XEP-0027) is a very old encryption method that has some advantages over OMEMO but should only be used by people who what they are doing.
* OpenPGP (XEP-0027) is a very old encryption method that has some advantages over OTR but should only be used by experts who know what they are doing.
#### How do I use OpenPGP #### How do I use OpenPGP
@ -303,9 +302,7 @@ The way PGP works is that you trust Key IDs instead of JID's or email addresses.
So in theory your contact list should consist of Public-Key-IDs instead of So in theory your contact list should consist of Public-Key-IDs instead of
JID's. But of course no email or XMPP client out there implements these JID's. But of course no email or XMPP client out there implements these
concepts. Plus PGP in the context of instant messaging has a couple of concepts. Plus PGP in the context of instant messaging has a couple of
downsides: It is vulnerable to replay attacks, it is rather verbose, and downsides: It is vulnerable to replay attacks and it is rather verbose.
decrypting and encrypting takes longer than OTR. It is however asynchronous and
works well with message carbons.
To use OpenPGP you have to install the open source app To use OpenPGP you have to install the open source app
[OpenKeychain](http://www.openkeychain.org) and then long press on the account in [OpenKeychain](http://www.openkeychain.org) and then long press on the account in
@ -316,16 +313,14 @@ OMEMO has two requirements: Your server and the server of your contact need to s
#### How does the encryption for conferences work? #### How does the encryption for conferences work?
For conferences only OMEMO and OpenPGP are supported as encryption method. (OTR For conferences only OMEMO and OpenPGP are supported as encryption method..
does not work with multiple participants).
##### OMEMO ##### OMEMO
OMEMO encryption works only in private (members only) conferences that are non-anonymous. OMEMO encryption works only in private (members only) conferences that are non-anonymous.
You need to have presence subscription with every member of the conference.
You can verify that by going into the conference details, long press every member and start The server of all participants need to pass the OMEMO [Compliance Test](https://conversations.im/compliance).
a conversation with them. (Or select 'contact details' if they are already in your contact In other words they either need to run version 18.01+ of ejabberd or have the `omemo_all_access` module installed on Prosody.
list)
The owner of a conference can make a public conference private by going into the conference The owner of a conference can make a public conference private by going into the conference
details and hit the settings button (the one with the gears) and select both *private* and details and hit the settings button (the one with the gears) and select both *private* and
@ -348,11 +343,6 @@ feature is regarded experimental. Conversations is the only client that uses
XEP-0027 with conferences. (The XEP neither specifically allows nor disallows XEP-0027 with conferences. (The XEP neither specifically allows nor disallows
this.) this.)
#### Why is Conversations not end-to-end encrypted by default
We briefly had OMEMO as the default E2EE but it turned out to be a usability nightmare and thus we reverted that. You can find more information in [the commit message](https://github.com/siacs/Conversations/commit/035d0c79572d5981c53d1bff7f30b484c6542f17) of that change.
Quick reminder that Conversations **always** uses TLS to connect to your server. It wont even connect to a server without TLS.
#### What is Blind Trust Before Verification / why are messages marked with a red lock? #### What is Blind Trust Before Verification / why are messages marked with a red lock?
Read more about the concept on https://gultsch.de/trust.html Read more about the concept on https://gultsch.de/trust.html