[OTR-dev] handling jabber resources

Greg Troxel gdt at ir.bbn.com
Thu Dec 23 13:12:16 EST 2004 

  > On computer A, I am able to OTR with party P using jabber.
  > On computer B, I log on to jabber with a different resource.
  > P's computer (same one) perceives, I think, that the OTR key is still
  > valid, and thus sends a message encrypted.

  What's a 'resource'? We have tested the plugin using the same account,
  but after each other, on different machines, with one not running otr,
  and it does fall back to cleartext. At least it did a few versions ago.

resource is a jabber protocol concept, used to identify the particular
endpoint with a JID, where JID == screen name
(e.g. username at jabber.server.org) for gaim purposes.
So you would have user at jabber.net/home and user at jabber.net/work.  Both
are the same 'account' (same pw to log into jabber server), but the
resource is carried along to the other party, and can be used to
direct messages to particular endpoints.  Message routing w/o a
resource goes to the most recently active resource.

Ian just said there was no way to stop doing OTR, so you wouldn't send
cleartext by accident.

  If you are using the same IM account, then I'm not entirely sure the
  other party can detect you switched machines (and now lack a plugin)
  until after the message comes back. If you use a different account,
  then there is absolutely no relationship, other then that the same
  human is using a computer, to which I hope gaim-otr has no control yet :)

With jabber, it's clear that the new messages are from a different
resource.  With other protocols, it may not be.

  So you have two machines with OTR, and change from one to the other
  account with a different session key, this should be picked up, but
  we can retest this.

The second machine had no session key, and had never done OTR with the
other person.  It did sync up, but the message was lost and not
resent.

Actually this is a case for wanting to turn off otr.
You can, of course, by exiting the client and restarting it, or by
bringing up preferences, but it would be nice to right-click on the
OTR button and select "delete session info" or something.

More information about the OTR-dev mailing list