[OTR-dev] OPPORTUNISTIC: Problems with not using OTR when both sides have an OTR plugin

Evan Schoenberg evan.schoenberg at vanderbilt.edu
Thu Jan 27 17:20:55 EST 2005


Opportunistic is overzealous right now, I think, or I've got something 
configured wrong.

10 Bob and Jane both have OTR.  Bob messages Jane.  His OTR is 
immediately active, since the other side has it.  Jane refuses Bob's 
fingerprint... she's just not ready for that kind of commitment.

20 Bob's client thinks he has a secure connection.  Messages he sends 
are encrypted.
30 Jane's client knows she has an unencrypted connection. She sends in 
plaintext, and can't read Bob's messages.

40 Bob is told that he is sending encrypted messages, so he toggles the 
"end private chat" and sends a message.  It goes through in 
plaintext... Jane is asked to accept his fingerprint, she clicks No 
again.  GOTO 20

Does this describe expected behavior?  I'm not sure if the proposed  
policy system solves for this cleanly or not.

-Evan



