[OTR-dev] Secure connections through a connect/disconnect cycle, OTR error messages
verbal
verbal at gmail.com
Wed Jan 26 16:25:17 EST 2005
On Wed, 26 Jan 2005 14:57:12 -0600, Evan Schoenberg <evan.s at dreskin.net> wrote:
> I think the lack of ?OTR messages is insufficient... that doesn't do
> anything until bob sends a message and that message fails... Part of
> the purpose of such a 'heads up' is that bob can react without us
> having to wait for a message send to fail before any one is the wiser.
>
what do you mean by letting bob "react", ie what would bob do? if
alice and bob are in an OTR conversation and alice turns it off. alice
sends in plaintext to bob, which is ok because alice knows she is
sending plaintext cause she set it while bob is sending in encrypted
text which is ok because he still thinks they're encrypted.
so i think security (grr i hate using that word) wise, everything is
ok. the problem will be that bob wont know until an error comes back
or whatever. so from the UI standpoint, it kind of sucks.
so i propose a "heads up" message that the bob can choose to ignore,
but it will show bob via UI that alice has ended the encrypted session
and if bob wanted to, he could/should end the encrypted session also
so alice can see his messages.
verbal
More information about the OTR-dev
mailing list