[OTR-dev] handling jabber resources

Ian Goldberg ian at cypherpunks.ca
Wed Jan 12 18:17:45 EST 2005


Happy New Year!  ;-)

On Thu, Dec 23, 2004 at 01:12:16PM -0500, Greg Troxel wrote:
> resource is a jabber protocol concept, used to identify the particular
> endpoint with a JID, where JID == screen name
> (e.g. username at jabber.server.org) for gaim purposes.
> So you would have user at jabber.net/home and user at jabber.net/work.  Both
> are the same 'account' (same pw to log into jabber server), but the
> resource is carried along to the other party, and can be used to
> direct messages to particular endpoints.  Message routing w/o a
> resource goes to the most recently active resource.
> 
> Ian just said there was no way to stop doing OTR, so you wouldn't send
> cleartext by accident.

I looked into this a bit.  It looks to me like gaim always merges
conversations to user at jabber.net/home and user at jabber.net/work into one
conversation window.  If you've got a secure connection to one, and an
insecure connection to one, you can certainly receive messages you think
are secure, but aren't.  I think this is a bug in gaim, personally.  If
/home and /work are in fact both logged in and sending me messages, why
should their conversations be merged into one window?  I'm not even able
to reply to whomever sends it to me second, it seems.

Did I miss a configuration option of gaim?  If we could solve this
security-related UI issue, it's easy enough to separate the internal
state for the different resources.

   - Ian



More information about the OTR-dev mailing list