I was wondering, is it ever planned for Off-The-Record messaging to be integrated into Spark?
If Spark included OTR, it would help a lot, because I could then recommend people to use Spark, vs. something such as Gaim or Adium because they are the only two (and even worse, only Gaim for Windows, only Adium for OS X) that have OTR.
Actually, I’'ve recently found out that some of our more paranoid users are not using Spark because of the capability to save conversations (i.e. if either party has the history being saved, they are on record).
I’'m sure a number of our users would like an easy way to have encrypted, unsaved conversations that would force both ends to not save the conversations.
Maybe just a padlock icon that then tells the remote end that it’‘s now encrypted and won’'t be saved, or asking the remote user first?
Encryption is certainly feasible, but it’'s simply impossible to control what the other end of the connection does with the data, including saving it. If the other end has the ability to display info to the user, it inherently has the ability to save that data, and no protocol can change that.
On the other hand, the logs are just text files, and you’'d probably need info from the server to prove that they were real and not just something someone typed up in wordpad.
SSL is good enough for online banking, so it’‘s nothing to sneeze at. It does assume you trust the server though. If you wanted to communicate with someone over a public/untrusted server then you’'d need a sparkplug that encrypts/decrypts the body of the message
old SSL and TLS are both secure for the client-2-server connections. The server admin may of course record all messages in plain-text. If you are using a trusted (your own) server and no s-2-s connection you don’'t have to care about security. But I guess that your client does not check that the server certificate is valid when creating a connection to it so you are still far away from OTR.
it’'s simply impossible to control what the other end of the connection does with the data, including saving it
You’‘re right. Perhaps it could be possible to simply disable the chat history while an OTR conversation is happening. If the user manages to turn it on themselves during the conversation, so be it – most of our users requesting this wouldn’'t know how to do it anyway.