Release Notes: The functionality of the OTR button has now moved to a menu. The button can optionally be shown in addition, but now in the conversation toolbar. New icons were added. Buddy authentication has been revamped, based on the user study published in SOUPS 2008. The default is now to choose a question and an answer only you and the buddy should know. The question is displayed to the buddy, who is prompted for the answer. The "shared secret" and "fingerprint" authentication methods are still available. Translations were made for Arabic, German, Russian, and Hungarian.
Release Notes: Support for pidgin 2.x, new translations for English, Dutch, Spanish, French, and Slovak, a new option to not log OTR conversations, transparent fragmentation of large messages, and replacement of the "view secure session id" and "verify fingerprint" options from the OTR button menu with an "authenticate buddy" option. This new option allows you to authenticate your buddies by entering some secret that only the two of you know rather than by using a long, user-unfriendly sequence of hex characters.
Release Notes: Support for OTR protocol version 2 was added. It will still interoperate with version 1 clients, though with a warning to the user. The OTR button now has a right-click context menu with some useful options. The OTR button now has icons in addition to text to indicate the state of a conversation. Most popups have been changed to inline messages in the conversation window.
Release Notes: A fix to co-exist more nicely with other encrypting Gaim plugins. gaim-otr is now autoconfiscated.
Release Notes: This release adds default and per-buddy policy selection: never use OTR, OTR only if manually requested, automatically start OTR if possible, or refuse to not use OTR. It now resends the last message if it caused a re-keying. OTR control messages are no longer displayed as if they were received as IM messages. There is a new multi-page UI. Users can send a control message to a buddy if a private conversation is terminated. It now removes people without fingerprints from the Known Fingerprints list. The column heads in the Known Fingerprints list now sort properly.
Release Notes: A Windows version was added. This release now allows you to use Off-the-Record Messaging with just about any AIM client, on Linux, Windows, OS X, and others.
Release Notes: If a Man-in-the-Middle steals both Alice's and Bob's DSA private keys, he can perform a birthday attack to try to get his session id with each end to match. Since the session id was only 64 bits long, his work was only 2^32, which is not enough. This release makes the session id the whole SHA-1 hash, instead of truncating it, to protect against this unlikely scenario.
Release Notes: This release adds a more sensible error message in the event that the program receives its own OTR Key Exchange messages. If the program is about to send a plaintext message to a correspondent for whom it has a fingerprint, it now appends a special (whitespace) OTR tag sequence. The other side (if in fact running OTR) will recognize it and start a Key Exchange. But if they reply without starting a Key Exchange, it will stop appending the whitespace.
No changes have been submitted for this release.