[OTR-dev] Creating a libotr.so ...

Rüdiger Kuhlmann l-otr.0705+23jv-l at ruediger-kuhlmann.de
Thu Jun 7 08:06:21 EDT 2007 

Hi everyone,

recently I got OTR support for my instant messaging application (mICQ) by
using the library that should better be called libgaimotr. I found the API
it provides rather lacking, for the following reasons:

* For outgoing and incoming messages, the message text may be replaced
  by a different text. However, the crucial information whether the
  message will now be sent encrypted and whether the fingerprint is
  trusted or not, is simply not available (and impossible to obtain
  correctly in all cases).

* For outgoing messages, it is impossible to know whether the encrypted
  message contains the original message or is just initiating the OTR
  handshake (which makes it impossible to properly follow up with
  acknowledgements of the IM system), because...

* ... the library is unable to signal back that the message must not be
  sent, or must not be sent now because no OTR session is established.
  Resending messages is _NOT_ the task of the library!

* It is impossible to signal back to the library that an injected
  message could not be sent due to size constraints. Thus, the library
  does not provide for outgoing fragmentation at all!

* The library sends back complete sentences to the library user in a
  language that in most cases won't be the user's language. What for
  a crazy idea is this? The question is not, how to translate those
  messages, the question is why send those messages at all instead
  of sending proper error messages?? Creating appropriate error
  messages to the user is a task of the application, not of the
  library!

* ... and even worse: these messages are HTML. OMG, Ponies!

* If an unencrypted message with on OTR offer is received, the library
  does _not_ re-negotiate an OTR session (this can happen if an OTR
  session was established and the sending application is killed and
  restarted and thus doesn't know anything about any existing OTR session).

By the way, this email answers the question on the list for a command line
otr application with "now there is one" (doing ICQ and XMPP).

-- 
"See, free nations are peaceful nations. Free nations don't attack
 each other. Free nations don't develop weapons of mass destruction."
      - George W. Bush, Milwaukee, Wis., Oct. 3, 2003

More information about the OTR-dev mailing list