[OTR-dev] Secure connections through a connect/disconnect cycle, OTR error messages

Paul Wouters paul at cypherpunks.ca
Thu Jan 27 13:55:41 EST 2005


On Thu, 27 Jan 2005, Ian Goldberg wrote:

> > > So when you click "end private connection", the client first sends an IM
> > > like "[ending private connection]" (as if you'd typed that string), and
> > > then forgets the context?
> > > 
> > > That'd be fine, security-wise; it'd just be an automated form of what
> > > people can do now.
> > 
> > You mean it wasn't like this what was happening when I clicked the OTR
> > button to leave private mode??
> 
> Now, the client doesn't send any IM indicating it's leaving private mode.

Ah.. Then I'd definately like some sort of authenticated Notify/Delete message.
It would prevent a lot of misencrypted messages. The remote end should do
something noticable ofcourse, showing the encrypted state was lost.

Hmm, so thinking about this, perhaps the current resend-if-not-readable is
better from the UI point of view, even if not as clean from a protocol point of
view.

Paul




More information about the OTR-dev mailing list