[OTR-dev] Queuing of messages before the connection is established
Ian Goldberg
ian at cypherpunks.ca
Tue Feb 8 12:41:15 EST 2005
On Tue, Feb 08, 2005 at 11:08:02AM -0600, Evan Schoenberg wrote:
> On Feb 8, 2005, at 10:06 AM, Ian Goldberg wrote:
>
> >The last thing we want is for people to get annoyed by overt OTR probes
> >when they don't support it.
>
> I had an awful experience last night when talking with a buddy who was,
> like me, in OPPORTUNISTIC. He had never used OTR, had no idea what a
> fingerprint was, so kept clicking No as he was prompted after each
> message to accept my fingerprint (getting progressively annoyed in the
> process). After a while of this, I told him, "Look, just accept it,"
> and clicked my "Initiate OTR conversation" button... after which point
> I was sending encrypted messages which he still couldn't receive. Then
> he accepted my fingerprint, and I was sending 'malformed data packets'.
> Finally, I canceled the OTR session. The next message I received from
> him automatically restarted it, this time with it working properly.
That's clearly non-optimal. What do you think should happen here,
though? Should clicking "Don't accept this fingerprint" automatically
set that buddy to NEVER? (You'll never see the accept fingerprint
dialog again until you manually enable it for that buddy.) [That's not
really a good solution, either, though, since it will prevent you from
using OTR with that buddy, even using already-accepted fingerprints.]
Maybe have a third option: "Accept" / "Don't Accept" / "Never accept
this fingerprint". Clicking the third one will add that fingerprint to
a blacklist, and it will ignore any future key exchange message that
uses that fingerprint. But that seems unsatisfying to me, as well.
- Ian
More information about the OTR-dev
mailing list