[Pidgin] #16184: Support for YIM communications encryption feature going to be implemented by Yahoo!

Pidgin trac at pidgin.im
Thu Apr 3 07:35:04 EDT 2014 

#16184: Support for YIM communications encryption feature going to be implemented
by Yahoo!
-------------------------------------------------+-------------------------
 Reporter:  wynndra                              |       Owner:
     Type:  enhancement                          |      Status:  new
Milestone:  2.10.10                              |   Component:
  Version:  2.10.9                               |  Yahoo!/Yahoo! JAPAN
 Keywords:  yahoo YIM privacy SSL TLS            |  Resolution:
  encryption security                            |
-------------------------------------------------+-------------------------
Description changed by wynndra:

Old description:

> After having looked through the recent tickets, I didn't find any
> refering to the oncoming implementation of generalized encryption for
> Yahoo Instant Messenger (as refered on Yahoo's blog here:
> http://yahoo.tumblr.com/post/81529518520/status-update-encryption-at-
> yahoo and on their website).
>
> I am no expert at such things, but I think implementing the all-encrypted
> feature for the protocol as soon as it is technically possible would be a
> good thing to do, both because it would dramatically increase server to
> client security and online privacy (even if this is highly relative
> because the traffic on the server end can be analyzed unless an OTR layer
> is added for messages) and also because as of now, it doesn't seem clear
> if Yahoo will still allow unencrypted messaging sessions past the secure
> log-in and authentication step.
>
> I suppose that if it is just about wrapping messaging sessions in
> SSL/TLS, the implementation of such a feature would probably be similar
> to that used for AIM in Pidgin. Hopefully, there will be more information
> about this in the coming weeks or months.

New description:

 After having looked through the recent tickets, I didn't find any refering
 to the oncoming implementation of generalized encryption for Yahoo Instant
 Messenger (as refered on Yahoo's blog here:
 http://yahoo.tumblr.com/post/81529518520/status-update-encryption-at-yahoo
 and on their website).

 I am no expert at such things, but I think implementing the all-encrypted
 feature for the protocol as soon as it is technically possible would be a
 good thing to do, both because it would dramatically increase server to
 client security and online privacy (even if this is highly relative
 because the traffic on the server end can be analyzed unless an OTR layer
 is added for messages) and also because as of now, it doesn't seem clear
 if Yahoo will still allow unencrypted messaging sessions past the secure
 log-in and authentication step.

 I suppose that if it is just about wrapping messaging sessions in SSL/TLS,
 the implementation of such a feature would probably be similar to that
 used for AIM in Pidgin (that is: having an option to set "Encryption
 mandatory/When available/Unencrypted"). Hopefully, there will be more
 information about this in the coming weeks or months.

--

-- 
Ticket URL: <https://developer.pidgin.im/ticket/16184#comment:1>
Pidgin <https://pidgin.im>
Pidgin

More information about the Tracker mailing list