From mail@scottellis.com.au Tue May 1 13:38:27 2007 From: mail@scottellis.com.au (Scott Ellis) Date: Tue, 1 May 2007 22:38:27 +1000 Subject: [OTR-dev] session termination In-Reply-To: <20070430012622.GM10564@yoink.cs.uwaterloo.ca> References: <96e269140704282247j28650c70tdbebc99d8fb49eba@mail.gmail.com> <20070429194343.GJ10564@yoink.cs.uwaterloo.ca> <2a12af650704291746p5e27b5f5m5ed0928fe5c172ee@mail.gmail.com> <20070430012622.GM10564@yoink.cs.uwaterloo.ca> Message-ID: <96e269140705010538q1b9a6f62teaf5eca7245d96cf@mail.gmail.com> ------=_Part_117082_31371103.1178023107963 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Hm. So there's no easy way to solve it. I can't find a reliable way to send a message before a protocol goes offline in miranda. Does re-initiating a session give away any more information to an attacker, than simply listening to encrypted messages passing by? I do think forgetting session keys and moving to a non-encypted state is more elegant, and is much better than a design where (occasional) error messages are inevitable. ------=_Part_117082_31371103.1178023107963 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit Content-Disposition: inline Hm. So there's no easy way to solve it.

I can't find a reliable way to send a message before a protocol goes offline in miranda.

Does re-initiating a session give away any more information to an attacker, than simply listening to encrypted messages passing by?

I do think forgetting session keys and moving to a non-encypted state is more elegant, and is much better than a design where (occasional) error messages are inevitable.
------=_Part_117082_31371103.1178023107963-- From icebrkr@cyberdyne.org Wed May 2 17:50:52 2007 From: icebrkr@cyberdyne.org (iCE Breaker) Date: Wed, 2 May 2007 12:50:52 -0400 Subject: [OTR-dev] gaim-otr port to pidgin 2 beta 7 Message-ID: <247fb914ae87718cef7fb9ae8357e591@localhost> So I spent some time throwing this thing together to get it to work with the latest and greatest Pidgin. Just not sure what to do with it. Also, I've only been able to test on Ubuntu (edgy). Help? -- iCE Breaker http://www.cyberdyne.org/~icebrkr From evan.s@dreskin.net Sat May 5 04:25:05 2007 From: evan.s@dreskin.net (Evan Schoenberg) Date: Fri, 4 May 2007 23:25:05 -0400 Subject: [OTR-dev] gaim-otr port to pidgin 2 beta 7 In-Reply-To: <247fb914ae87718cef7fb9ae8357e591@localhost> References: <247fb914ae87718cef7fb9ae8357e591@localhost> Message-ID: <1B1B334C-DA04-4134-B3CF-CD1773C4BC43@dreskin.net> This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --Apple-Mail-4-312326690 Content-Type: multipart/alternative; boundary=Apple-Mail-3-312326636 --Apple-Mail-3-312326636 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed On May 2, 2007, at 12:50 PM, iCE Breaker wrote: > So I spent some time throwing this thing together to get it to work > with the latest and greatest Pidgin. Just not sure what to do with > it. Also, I've only been able to test on Ubuntu (edgy). Help? Post a diff of your changes to this list and it'll go from there :) Cheers, Evan --Apple-Mail-3-312326636 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=ISO-8859-1
On May 2, 2007, at = 12:50 PM, iCE Breaker wrote:

So I spent some time = throwing this thing together to get it to work with the latest and = greatest Pidgin. Just not sure what to do with it.=A0 Also, I've only been able to = test on Ubuntu (edgy).=A0 = Help?


Post a diff of your = changes to this list and it'll go from there :)

Cheers,
Evan
<= /BODY>= --Apple-Mail-3-312326636-- --Apple-Mail-4-312326690 content-type: application/pgp-signature; x-mac-type=70674453; name=PGP.sig content-description: This is a digitally signed message part content-disposition: inline; filename=PGP.sig content-transfer-encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) iD8DBQFGO/kRI5gp6xQhrvcRAt+9AKCfDiqz0qDmYWRELIa+CJUDDZaMewCggfCl XgTXOHOxeVVgT2vMDqoFVE8= =nCGb -----END PGP SIGNATURE----- --Apple-Mail-4-312326690-- From reza.jelveh@tuhh.de Sat May 5 18:48:11 2007 From: reza.jelveh@tuhh.de (Reza Jelveh) Date: Sat, 5 May 2007 19:48:11 +0200 Subject: [OTR-dev] [PATCH] pidgin Message-ID: --Apple-Mail-2-364112784 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed hi, i saw there's already a topic on this but didn't see a patch so here it is. works here at least... --Apple-Mail-2-364112784 Content-Transfer-Encoding: base64 Content-Type: application/x-gzip; x-unix-mode=0644; name=pidgin.diff.gz Content-Disposition: attachment; filename=pidgin.diff.gz H4sICIvBPEYAA3BpZGdpbi5kaWZmAOw9+3PiRtI/479iQr4kYISXl9/nvWUxy3KLwQU4udTtlUqG wegsJE4Sdny5/d+/7nlIIyGBWG/2nEpcGxs00z0zPf2eHmVqzmakvOq75M4wF2XHd8v1g8pB5dWV cU9npkUPjAVZmtM7005u3CuXyxtgc7VK5bCM/xqkenrWgH9HBxX5Q0oVaN8rlUobx0AkxwzJIame nFVrZ4e1NSRv3pByVas2SIn9fvNmjzSv9Na7XrMzusi96XXfdlrDn6/H4tEbgo8G42H4vf338bAp v+6VA+jSRa58eTPq9jt6Z/yBlC87ze6Vft276XT7I/Jxr5zLiWeI7sf2cNQd9C8+5t+Ij28+5vdK 6diub4bXvbaCr4T4xNN0jGSvvLRWQLOp6V7kcv/3q2XewsdPr3Az9krJbZzKIazeGwMVhs1htw1E ktt4YBkSQbRDuEnYBbAghA5fdcvQR4ObYQt75XATOfjBhKxM+DU1Dcu58+DTnX9fZo/wA398MIki 6l2KTcuVF850ZVFSNh4cc1p+oK5nOnZi71Jkj+GTssPsG6yIzf5LTDeGauuEk/tvnzLZI5wpL7uj MaCX85qr05nLSc6JspI5YU8+7pFcLhfI0sK07x7J0pjcG9Dpbm+aJv4Tx56ZdysXxG+yLptqa5IC UNu5BqhWy5UaqdXPKo2zxnFEeKtpGiCOJaYCThNVwLF2TEr46w0jH4rdoP+u29Hft5uX7WGBIz2Y F5F9obXb74715s14cNX80C7IdWiETaHI5DbaJZxm0AnHaenXw0FHb7XgG1NFp9oRqCL8Hczkujl+ r/MNLjBQTQO4q1FHbw+Hg2EBpBTQcqzEcYlNH6lLTI+49N8r06XTgyKb9vUHGOh9u/VBvxpc3vTa owLjEo3cAYYyqEby+oLUDhrIGKXId1gefq7C0EQjkcERVkMIYthT3lMOC6OWPntMTi/+bduooq8y Lift4GZ8fTMu/EPy8T+L6Zwbyu4aQwVNSTwbNAqGrcAWosmqHZ0d1rOZrAiKgFsBReWsUUkxWIdo rw4Zj7za3yuTfUIGs1nZn9PykE4cd0quqOcxaSVctMnM4YveK2XtLdU+9m85yyfXvJv7pNAqEphI o4wLJqRv3pu+Qd46ruk5D2w/uoZNOo41vaXuHYdO/fkLkOHN5Gk5p+5yZd8DEYzXCMKWWWsww8z/ 8KUS78nz6YLMqTEFLUn2X+2Rb017Yq2mlPzF86fAGAfz18ju0Jmxo9K1BM8EsyQiyNuOb86eDuZo J3E0IVrJo/HGV0vX8R025lrTglGVRidUjmEMJxVvUSYWqPC8+lRV3HmhQRqnWhV4hf9BouGPS/2V a4Nu152ld75HPon5jOegJuDfv1aeD4u9p2yGOieDLqavEfrLhC79M1IwisT0ydShnv2DT+5c45ZN fx2NsFy7IEJGuadPt44B/DhzJitPI4XbIgEuJbcr33dsHCI/+JAnpg1MYEyJMyP5luV4NK8xxitM igwNgljGLbU8YrgUR7DMhenTKfEdUvtwgMQto6lF03enc+LGJlvoACX67NGVdzd+WlLiwy9tr7QN 8HrlLi2aBEpyYEeARJO54ZJ9YzJxVrZvGwugjNrAOGriWNGnK4+6rG8MjW/61hoCc2G4T9GHHki6 PYXHQKNfGascHaLVY7+RUXKJo5GMY8Xgo6OVkQk30Rrd4P5g3H33c6jlYU8VCoHa2oxDuL5bsJAc ogkpHK5TrC2gXbgCITDMT2gwR6Hx8kj2U3PYh+jg2URLxvNMsp3UkWzs9wsjW7f/bvBsmiUgeSbB qkcVrVoHI8//ItE+CZs0oj5ZLZmOW1K3DMAYLxi+iQrSBru94J+npre0jKcUXUcfdYRkWq6lotjH x8UkLSdBuH5LAgL6M3PD7Uz5dQDCms/DNQzpwnmgz1yDy5DsugwVKvtKVKhwMVu9yXm6tzff5E3O n+9NzmPeZL16Vj/5Q3uTFdRB7Dcu9FtzZk/pjOiYLOlAqNzsDToj/b2uQxs0mDZNbPutHEucYp2F oXUZh6LTgFP0fHc18YmnD4CPL9n+/mSA+7Qf/f4eqGXRcxwhBinUIpOFwn5UnRXTHZ0NMC/exzkX ihS8m1Pm45yKgFpZlEs9anumb/6H6oZlFQv4nEFGyCWUWDFNyZxHKRV0T9Uu8REU5ZJxkAjEpnE+ kZBHbswBc/4DK4Lq96ZLQMFJBjw+YsED/yMirs5aT0HyGGayr6rZO+rrXHkqVP0z4viDRhxSGquN Kooj/4P8lWCeIzIZMs9Xc33OP8v3Of/Knk3SLDO5Nmyi31IbfJd0/0VNW6+7GNEc/LoXo7bHc1qH Z9VGNkdmA5b68Vk97Sjnj+HLHLLooCbNGrokE/dp6aekqnjjlsQY45gU/0UcSaADUwbPibAw6qr5 t0FwzkT+QmrYJiE8UCj3vD9oRao2wc6qrYwVS2EzJ27QQ5mFkutKdK0iQyC341OWFDtCx6pRC3y/ DYm6tUZUg55v+FnyeIyGG/J4sYzdtgQfHsbwFRzVWQh9VDsVa8AfWKX+CNQCWzul4Os5T4XO+IP+ U/ey0x4XeEtRxl1lXIM5IR3//ifWAgrBpbAsoT7SzE9CWL5X2oYr1SIlYYtal82mRAMtCq4wtxEP DFiZxD6zwUtN+knGdKqDWfedBThWYbeHW+cX0Wd/avhGEdHwryGEzlo48RvHWvUIqN+o419JfnWC JnzR0ViSC9K/6fXOpa/pPZr+ZE4KuPoieuK5ieFRkpjxOoNWhFGRsY6j8aD1QcQhvCvof44oJe11 Bu1xVNfAF91+IjKerriFPbxnnlryJEVuKNs0RecNEw3QZZtqgDDbZDEpk22m2HPDNDmibHPkqGIT JDmIxYyV5Z9xbjo6ZaIcJl5RjhemN9E9kGTDMu/sBbV9JstX3VGrYC7uihqpwD8UZvz5JEMILm8w G8SheCvAdXOdO7FegckZ+StPPZEzToJmrz0c6+PuuNcWsd5n4RJUiGDDw+NcjskBmzYuhJNp8CFo xYfD9uh60B+19War1b4eawxErlGZBdIFPMMlTIDqgfAzAnHCF3jHopaIlsc2EPqz4KZ6lHA0wuG/ ytEIU40vOlAR2j10MFWGyBiz7IDjxYcv8sDkGOIWTP8HGRqxyKQ8zNqiYYwHtJCwkfojdNMB2PUL yWtMXl+Y4UayX3N/dH8pcgOcjMrTNSPFZfaC5DvUpi5MHb1aPi3kr3wCiKAMAl1bFBUkzj3oGSXU OafSYYWd2x6D1yUObtmUQ/sbCBv+JBJvHuSy2HKXqJRQ/GamPQVKLq1CQBOxeuwiRCuxExtLfsfN ADfighSWoMqW5dcYmpVfM8V+RvI39r3tPNp5BMtxSBDlFvNwmAQJUuCEDw4OpOJEV4+ZfEkPnDVs sztdLfmIs0IK6VlU8Z1HCt95RcCYlwcIATtEZ84nFjUAMWcu8Zwj9ewhbgFi3lzKiccGdHz6oPu/ Z9pGE8ZA1e98j2GwBQT6zqTgQczvzAop2c5iFKz8Opir5CbGe8cnWg2V/HFDemq5HTRF5OnCuwsP Alj2gRIIfWD/XfoDqE8SCe4fgemcR/JIyQSCvOUKk2ao+m2uUqXQNvmGBoJ+HjatB+sRwV6HVBqT YIXsiO5SgsRXj0lJIaJS4yIVQgrBygbL6AWEKnwjehSlkS1X2aw2BZBC/zxEBF4lNPdGBOZCuHNy rPMg4NwRFZtRa9D/UR//fN3Wu1fqoV0EOw9YFfSq3kkfQEjR9iFCArKMTYx6zDXC9URHcsGIs6Mp KWrAvpogc3s0anba+ujn0bh9hWK7oAUmiYHy5AvIglGsYiNOEnGtKsyrYsfAPA4/qZ/EglgYxTdM UIw6xF/MrQMqjZvdfntYWDguBb/Om7hWiNpczIWfCp/8hYV+aiGiYkI6gfMI+pf3A1d6HiyaZ4wT moN5CeTGcgmbrvv0F+6Ud6/ej696rDNQBeYH6u9+teTOJ28EZamPWsMBV3fZVsqWqBE+B0avExYp nJxUBb1+Vczu3PDm/2gc/jNiigNVrBrldY9huzmNORNZjCv/DW4PM1IP6OfgHHXf0eerhWEX8JtG AMEddQMzxs2ydDLWzKWwibha4KcJBbd/Cg4tWXETrWIjPFNycnrMiSYzJcwSgaH//vuopS9uMv0a eZw7cn4bDfp33kfsjosLT3Y2G+OgxkIOpy4jL2zxNhO8DYmsQFizzaQqBRqTHUBIXQHU6S9LMLDU DW21YF595lJaEPgEg55WuECfngSls5v8/ollTu4p05E2nfhqSoYnqzRyt3RgFtQlLPtyruStGEaB aLWcIm2Ya7EpTa6RsQuBV48+UItY+LsYjUxS8aWZ1SSMUiyV5TBM52uPMX0gKFc91mrgJJ9WTtWU ktJ3Qe3Vv1fUfUrBhe0PJn1MaaHu7Hy7qZW5zBorHrYdYjnICkzc0NF1waWBUFIE/8BFjhqczo0H YWdFZMn76Ri8AefRWcT1ecsaR/6TJTt6+Dk0qUFPWEuU8iKdK7M3Qm3iappjWI8syWAIGLmkgotY NJYnBbYSRo0lY1nvvITF/ckMip0jkGgfdoJGgACDCOSzwvPuAXTALZkRBBD5QOczg5hGeZHoSaJ7 SaV7ki+xkfIlhfJZgSXtSzHa7wIvqV+KUD8rhpD+pTj9s6KI7ACJYAmYGJTnrcnBJ3PT4i7D226/ EHQtqiwAgrQTA0D/CAuhQtkJAQJEMYDi2Q0DADAM23SVojPkAKhjPIYZjEYhzy4x4cHhK3Vk75Wi lvJxFz6k2i7bJuhWitFtFxSScqUY5XbCIWhHlCDVVzQxhKnI6ZoQTkwE+o5j+ebyIMhW4O0i7FQQ PZlNE0bq8ESrn4CRatS0Wi3p2Mlj/6n5WHH4JGdXFBjJNxdkPLwZjdGF0a+H3R+b43Zk5jcehQk+ gRGyy+h6kAfDWlGWGMmLTEmeOyX8me34MoOSD+zMOtt5CaQL0KVHP5vBuG/FF3aRsDDwLNlEz0h4 5h7bIIgpXAcwYgLowfTMW9My/adgV1Qaz51HVgvB9zSLqGDwGBEXYTjf3ozHgz6EKBC68cMomNF7 c8qzWkyHIiVzyuhzaC1IdYljrzUy3pIq4FOmCYzbfx+vj89swO7jY6MyvBBuXmu6xdcrgLFDg8dX LgeJZFm/ZsIGf+LuJWgE5kaLi5VijhhU+dizEFImS75H9C6/jufS+dMdM0DZsRHJFPGcUAZm3iGH Ewz92+aFtg3zJRNEG8cKyapmisTz1NiGqzSp6EVuplph5RGlaqVaUQPnx7k5mc8Na4YyPBgPe/qo PcIN6l7CJ5jrpf6+2Xunvx30Lslf8XAPofKPFEtiLj7mbx1r+jGfx9g6j1Go59VCXt0peZ2/Fvly ET6i5OQ/K2+djImvN09BZ9xapjen03xibjuIn2WOHqJoXJc5TQqeGW2rJ+yqTbV6WFcyX2unJ+yp yH8/uLOnSGCO1ojsP8ymol+S6krK9Ww+HQqz4uxYO0ywAVPNxCkJr2gIuYstqVap8RsK1ePgisLW DBBoedPVRR6IYS+/juWDUg98UpVUYnIqVQmFa+XHPztlhbLkg94pGSl0VJ6clSaPds4+2pgu+mgH 3Ibb4rh4/jqLwX3nid55RQmk3THRuWZwVpK6CWojJP7nCuCP1DVnT0nJql0FMBFTxoxVXDI0AkIR ZG11z7yzDSvMMemDt39rt8ZhhUBe1EoFI3b0VrPXe9tsfSisSx3vS6dFOQznfn6bAARbZr7wgBCc NH7q8zinNj8gYuLpuwZzkcEbwmP2dp/d3W9fcid8Y8aMr4JOM3gqW9yRVI+D64Db1SzFAwm0WK3e 0KpVWDWT/Sq3ETnh17JCB8vA0zM8GgWndWVNiQ0IMJuECXTYUdOeUDwiQ2mSsGQfnvzggvtnxykj bElf8fQ1fG9GcnCJXM4zEhq+DCMtjlK7wQhrikIXtY6o96qgDPKE/GS4NvDEGVl5eG4LFo2ZCz47 CUckXPWAW7tQyrIc1wD9v/BxDcOY6biGCw7L7wJQGK4kecyhv8l5Akvj8O0pteqhck07qyhc95rd PkYD20VhanpfWxqCcoiHdC9celT4HRRVSDxAkWQeFNdDPTz252gjLMfzDxiPJ7NNlH8jp1xfiL1y afy1NvSL48SjI62GDglTU6e7nv3/vo/61zj3hR39/3nu/9nn/tsUCqgNPK2B2YETiXy4TNUw4Iqe g+Xi2iUP36SZnjosAePBhED9/O8Uz4Y5/S50khpf86Tgu26/O3rfvgy01CmPsmuHRzIS3Ee3nZk+ iiYRxBjcT1K4pRMDuATP2x4NUUCKBIGoyuM+FH0khgX+9vSpuN18er5pWS/KnaxXjoU7eVz9mu6k /ac7+WLdyXqtrlXxClft5Bg/qEUvitHm9+jWGW4D82KhoOEbW3g46EXCPHa2oyzJUUXMa5ckbNbD nAg0yfH1YdFt0/fpYsnKRUE3uBSo6s359cINjiSWkMqbAgSt4kasrBAZnJysGOVxXJI54mP8b0zI 9lm9JCOSC7JlQVjhYZWZuCuis8PdyBsnuITUWU0YaM96Ys0NHivydKRjm9PtJTZbdP6uYoM/SbZl PYB6ENETq6qbRI7JUHICOJ59JP/9b5jTWnh33Fx+I1LSV6POaNwct/VA4xcFtQ55nqZebSRTi+Wh 1IzPH55iR1WtxkhWO8QP6zTDo139cW74HoY9O9BLvUCzcs2Cujxe1a0RcUD4vt0DserFpHFX2PUz QDZ3ypLE/DaGKuC/z61nPVemkh+RWUNcUmhfI5dA1QNR5cr9htvmWwC3XozvsnAamU+5ssTuTZdF WaCGXt4j6yXpgNsVcW3vbh3HohB1i5KOJczBo1E1B7Ziet9+oLbPK87IPsUv6J79prsZSmKBDVh+ LYuKLki9iAcN8jmrj8Mj8csP8kT8egjmo8jPxGOlfDtV07CKkgQMu1SV8HsvuBD8xj0SJr94TREF aOksV0t+PbHdv+G91Bsekd/Ss61rRC4fLGNgzk7r7I0Q9cPj4BUtidwCk/VIkI0n8ARvwU0YM4h3 QrATMggHPN9x6ZRFVmy/hZtj+uu32wQbBXjjjJT2WqkdcGx8yRRnv+fudzKSnbdcsi/fddxt5/Zf qE/Uy+XiNIX1CR0bfsxn3MJ4/C0UbIDyaxwrXu+XHSSssRMvD6lwXjluCF55zjvRNl5Q3Pp6tEzQ Gbb+GdWuz6vZTDU+6/XEt7fOLwlP2ebIralX2b0rkOdDGbfF+gceg1oNdekQMOpzlFCWb2WXZbG0 GKS6exWNRHDTshQ+JQsP6ly+dvSBwqRf90opRWERBKyWV15yfuSrV5OLuw8i0n7hSFsDxCimhBRi rNgjPmvLeaSuPpdz5yVRQSC9s5MR5sR5ckXknYjHBU+mvT+7hvm5NbiB7hI1crK2rDWnk3sx7QdK binF90SjtpmSmesseK0kUom/EwUr2xkbghHdDVy8PiVEADZzn59+YSfM94rUnkfm8JmVrrKDfpbl ZFVyYaU92CuOQGgskcDq9EwPJRUrgV1qiwLhSXCnKCgThsbY5SKcZVFq0sPKCU+zNI6OVXENLLw3 p5a89xQYen0ErnVPmvtAntULU0rJYiHSYZfyTG4pRNFqeqIgCVRwhEbCWsnswKyoXCNqPWF2QFZN rhG1UjE7AmaCNebu7g7IS8i1sHh8dxRYzqzJUujdwVkpsxYUQn8GAqxj1oIq6E1JmCwMsxPwOsvs BB5lmp1B19lmJxRRxtkZNIl1dkYSZ56dEayzz+4o1hgoUEnxeqCoD8tXDZgMiJcj1d3spSXdTr/Z 09/d9FuFLZfZilpQ651tZCRWdFyumuunWp29I+/0RKtXI27u57xcbpOjmukNulkRbH+ZboLz+GI9 wS/r7kUOj7+U2/fSXK7NAaPoFWTllKsQSpQPYXo+uE+Sx/+bSd60lQeGp16cWI/ns6e0Pj+jtcP1 AFlcvD8JPu9U6JEInypLwrkPTslEQS/+DHzXunZAYz2RJfvzp+g9X/Ri5TVrGJVbCcHtVFF4vO14 LK0MZ9sYJWWM7YddsiSaM8ZFkErmZdTsqSz10RjW6IGDhBNHCteDXrf1s95vA0MUxRuTqofH/P9H Anator52SzmWTE2fqHP89FK03TdS3UXCb2wJSp7YS/5C4Y1WX/EYLUzQh+U/pShQtPAqHYxnasOm MF+7dh0wrl5ZTBkP3f6/vSt/butG0j8zf8WztiqRRMoWD1HXJFVaS/GoxpY9slSZ1EyKRZGUwjVF cnnYUWXyvy/6ANDAA95Bid5kHFUlssiHxvGARqPx9ddORB+VI1wjvU9iV6jvtQ4sfsVHezJWDBjG EvVG79RpeTgGZT5ZLvKRKkEKYPcSyXlxyu4ZdHs/b6aLZ1mSmaWci6NekO1aNJh4rtUr+7UQo24g KYD8NodR9+fVcyP6UiQvb/2okZbyhTDqZr40TOMXHEr4Jvay4Dubw6Gd1PeP9g6PmiWoj7UE9yU1 97/Ul4S0x22iPW7rgKPCKbowGOkR/MfLxXDkcfOylivIRgwCiN33cQTCWTzBUZ7hQLIn+IFQJYpz UwovRbWiNx70B5LnUh12b+Tt1nAxuK8FzWCPALKwrLBZbOl5zb1tytgVkORjncvgAFMZHJgOB/fq pIICZNDPzfKWmJV2KkJsaCPXMF6xH+9UDIQvUMDAAod9Z+t36wns/YGaqrKmQJFwXUlFRpp964br SSCMvB0wHNh4neuNlZv6yMGDc/hjnYKl6mLyMTmY8TiTMWtoBOzFsg9dcKYbzBrHDvZmlD3meTMr v6CeZGj04Ue6zczvLHuhD77GiDRhZ1iyZtSFucxsMA644VKJuhaRsiwYLSlfjDGI/JMg1HWcdTbN PHqiNIOQgDfecZENkHjxW/2uzUubD0YIKe7A95vmXr9NuKu2eOUxLUBL3xw0TM1B0IojpNvvKxF8 I4MKJaSLJNN3hl5KCYsooySkinJemYiz3idE2v6uGBnYXC1+KwmuvJ3v+IHObDJZHJtrvGeGcLzC OpGl9DT4awyOZdR0sOKHoKL8COFKOjy4EogN9lSHqUEqBGjd8zFdJFcMlAPjaMaTxInb7E/Qy9Dv A8h9QXh/DLSlkcLYyqoNsaxUNn4czBENfTHZ0B0uQziXijZGCUhjOv9n8yfVJShyzBESRYOQzcPF opC9qN3VwpBlw1s/ZTDnZUQPV2wjeNk26mxh1ds2plsumDtirx2UhMqtooms7yOlq3NUkEDXir0+ HceuKXSda3CKX+b5tJm/4TvBenm7rz6QZtRYZOuvuXF6BWpNIyEBMSgRS29xA0u2aSMjMGirtUfJ ZOl31jZ1N5rcdEdMyDSadPubBqq3PRgDyqc/RQSe+bS7XEzgvqI3rVlY3/ZkPHpgbObUziHjByT5 g1+G88V8c+PF26vLFyx9g8FzprY0RxRU4heCtS6aklnIPMbFZFszC4oHLWmZdUXmdarqdMopFO9W 1etWVjGnY9VUx7KKel3DRSd8e7LhV5fXZ7Do3HbRp5SkZbfWUsqHfxeebfOushnNDOIKnblmKhQz TTTcnWfPkshM0zNMfA10BOPJeKAfEO/2WRJ9u/qtOg+kRdFYCq8Xdzf8ymu6587te7CIfd01OzT5 xeSrrjnj57rZCjczt1CsobkFs5pqrp9eKy1l7p8sHKebTLszVc9ypMyfm2W/n3GPqqYiPiH1HlFd YjH8LpYLIVSWNkS3tNSZaifg8BBHaRoFmwTVqyMirGCx0SM1RS8m/UGyPYb/f5t8vYltUAaI+nvL 2bTzH+ZLEtlm9RSvLiDYWXTgSatQ4C91UML393Ewmw37uqBZWClhPAnKixO+ACl0y72RCG5sdrTl FuaMq68IA9tSTpPzNqic4kW2qrxB8zat0CZUvBOR7ahMN6IbU7mOsFq1t9BdhlQ8mRrADWlFNYBl c9SAna9iwet9LwnserJwcN9b3/L3Z9q8wPKsJc9sF519KUdQ9l6YUzh/V8zrRsH98ZGjUUJU3qa7 4oiU6UzuRiwXBajXjloZkykSxOhUIPYT4kCbTOh4stfcr9UPkir/1s4UyZ1LUfmQHGDjb5xlhU9F RzYUATh2J790pt3eB07KgyS7b/+xCfjpLcYV1pLvT16/PzO/du0kV2t41H2Ay01xMtVqFsTrExp1 g9xNNmNBnUm0YmI4UUGukBSbVcThthXKxpI/CsHmIc/Bmf7/roMYf9P9MEjmyxnG6MPFSE+zqiBQ z8ChNdNB11wdgxuGxCTbhLpG5xxcIWv4tcP46iHtXLYTJArFEMFN4YjdQYkeBawnx+c+yZFE4x8e JvYSEFAl+H589+NWKJXFCv1kiRvaaaCRLSUb8fhhsg1Z10A9qoM8b22riKCwE1Enjvqgz+fGFQXK FpfP65P/Pnu9GZa5ZWEVbUygUG2bPAraOHkJN1yoBLWFcn2efGLHm1oBxg237VgU92rlMaBj03H1 4u+tr6oFynkeYS4ZuHX4aEJPOvBPHB7WkXt6kMTjwgObXRAv8Zotyrgmw7dxPHo3uBmkm6PTQYm8 A9aOco0Y54uUHNpxbexTeDeaTI7x9hRTj+xS6pHd/VpmklYoqBNYBS855DtRq+x2eEdGYsqqjOFz /XLpDgdfpZOYLZ3OAvvY3KMcPvImWSCNKMccXFqL3bijUyP4Tuq/zKdK63tksQlkAlN/KctbzZR/ bXxnKItgAaiKIKJzziSZf3kBIr7TrEVkSzNYatHtYT7N7pyMU0E0lClJ2zZ5spIsg8NhgD04aKAn lX87S7w7gkMGZ5ZjTF3qBKI3xheGOUoeRwS8U04BiePLvqUvICB+Ne9jTr1zRYnlZ08pi5k50Kh/ CwceLD9rRvrlUJg8H+EHRhT+JYTh32lxKbRs4kIcT8++P7l+faVz4OCiPzSLvhIsg7BIe/rUcEYY AnnLRMvVB11W5cPylin8OFbCYEWYqvqaOg39fWXwgXB2m08HveGtmg70YA1kTBEZh7tNHk4qAmyD bzJwUo8EtGkJLk6q1fyicVKIt2houMV/qdUwHA+STkdNyFcYT3x93vlrpxM0MtTXT2ZoHK9uaWje CD1DoVmqSQC0hM3FgjKvhwTI3Ha8dnBthrBMQkscxyevgEoFgH7y29Aklt/703DvqF4Q8JchpbV7 VD/8kidzcxdwXPh/C/m7680eposI6o++jKP9dgQyT30FCLkwALBqH6RRKAL2Y942H6HHAELsETI4 NXV+OvuQegkDwgiqD2/Vqk2u359f4Iq1HYGFEIYuet+4AESLBkxMODjeuh3Wmq2kSr+c5mj0JKdp xvFMfWngKe5wr4RtTKEYw2BHF9uYNVZYV3S8Qt+6Y7aTapGEUMuR3JHKL81NpPSgq+RCj5C++2Hw zWiEnjKw9FD1TZTuBpPkWo31+4WOe3I/CmOGEoMN4oCrcZ+Dekz0+t3wo4XsaxAOfThT1sB0qDb/ 50lyyiGFXdIEg9lMqQZmfUefTndhhFDwUG85UzbcQvXDhABQvJY9qXBzh2PEzsmU4mnQlTQyTcOU AZsnLQbiishzrVkWkmIKyovrioZuGXba0sEhqXKF40OMMejGiOwEyZGLY1bd8qvgZB2DIY21ciBW kbYWRr1WM1pbFG1bMidqxaSRDp18f5wsMT4G2EjtUulpglYM1UHIm15VOjv4hgu3hWfK4se29Mml Vm/AyQV+OViv1AEI4JAEe5xMiaDn5QqZk/JBX4VPXok7r7H29DHnD5gQyT+k8aeZoXmmAkNmzihc 5Iis1tNUkaHlhEDA9IsOPeq+6PWmFcZBmmaAr51pbnG2nKGjoXG2v5oZJrLK/5Vy0H9S/7TbMPnb TUJlgOXdDinpoDpwD0f9DvyJ6gG7S4Dl4Qy83ZAA7m9nP35/cfLmzPWdFxPIw5ErUgyNFcjksaxi 5gtl1czgIm65AGqZ+8H9ZPaQYIVg4+s658/+RSGOFSfBT2u/1jgAHgJMVCvQWAgiBiwE7OodQDBm TRlPV4VmU2QzLhxoHfUwZWogz/30e2PMl+nec91EdsyK+4pkmZjDiNuQF/DNT2sEgHYZ2aR/p6c/ dt5evD6/gJSPMsBblxTPnb/nR62f1Ynh1kX4midaKH297FqG65q27sdBC9KflytMt/AEf4LZ92tJ w+xJjSKdyXw9Ng8Du3SYOZHJ4kkmPEBijTA5y0Gz1gDG+v1D+J3KMOLv+gVTj/gTDK9QfAGcFEt+ aBJkubPrAjv2Zn53BTSj8O50Ikk/rdfZ5eXbS2dCuWXpTerS6WReXJ4tlfmn4aL3c7JJiQUpsg64 +9F+41JY4khA5vOaJnDu+e3Ah29mg+6H41DlP5xcXpxfvCpSPT9atAHm8bwmQPqzIvXDc0Urp2fd muHH3DIEZr0+HZs2RGL4aiJeISxBtC4qg+/7bSY6muDpTG9abaMTu4UXjY1W3TdeGSt0V0yTpzQw arP+4GZ51wFVsQkOJeSOoudcqEPWc84OAycX8p8OTqZTcEgLWgAKXm5DWqJqo93Q6Yngx+1HKBBX jWNPPYDs8Mpu6wzvYy4S7O+nnyf6n7rvHvYwIDDqJYmL1CG5IlSSrwAHn/gh437SXo/HuAt8EStE 2Wa3oqAbIKMdxWNw7WjpKvRNZm/Ge1JnAV4296SrXgTQuj/T4wv/FhO84hHUmKvibxPaaOm8Mgai sBFwHJn3rASb4KR0KUO/HivHbVTt1QHFekrzHIsEEydf0yLxEqqGN2OrP8wkZBzb13bK1fjOoImp ZRqHhzqzjHWAIlU03Q/jRdffgQJOL2vtAe1NZsqKnSq1BJbs5Na6RdH/2dMJ38J+1OdJ8k/rDVWf Lpbd0egh6eIljVi920g7mAwX3wC5dW/UnUESpwEwrM5xsW4n8wlRq0CusRu1J3eB8Byvb5xFu7Ik 6E4Xc5ypJt50ex+e/4Tu5ZRjNZ2dIphFSMfHftTTPc/01Q/mWbb2ObF8yJDkGFCIZnTTZ6ivw04Z Gzxaxq2il26GvzlemqdmHRlXq816UzOvPvnUNCw3EYd7LM9IlCqtsIRVSdPyPYNBw9mjfXDnBf+9 OlfXipuU0J9rpflaefcSDSzMEUb/L7Dayi4yubZwfTTRZ9lsHMr4eMibo6T7YDmD+9EmjTqwDYYf C1hJZNMYuyhbULZ1xKIS/eMZSugv274dde/mWjUWMZlwLFqQFKHabDVr1mB0DIHtHItA/7DTZHcF 02Cb9/jHLIkVbbUylsi2NGFWXhorGXPaGz33jR8zidZk/tAkOdivtdtqlhw0a609n19FtSoEMNXT HJY4R6BHtH8Ge0ZISGwDCLNmMHPdxy33hOkTAGY1n280ObxBd8K5fS3WBU9Q+CI33A1iufiEZHeW 6Q625q64s1VHRxMQAYR5E5PjxIY6MPt7l/IXwteC7jQxvHwvBCkqZY4kSIDRthEqPTOYWR5dDZ5o ADQJODtGE0BsY5ZRaNFs8kky1at2Ku0/N+ygoeHlFClAsanH1weNEo/Uu9ngFl1P8CjEAhhSiY/d 0XKQIpnYYavCpoxxiPYdan3Lg6gGmGGPE/XnPX9JkjwLipP9Ero46Y7Hkwe1npUpTyEE84SoD61k OBAYSTo9QA0RUbMBvLbZQo2Z+m/ySZlnyfsJBscM6MZXPwEZQY0Q02ZI+zka2STDOW965zfjON9J wcs5imiuSXO8gL5agAgojTWXQoJxgWExiX1pP2BeBZ1NogfpFtRI0G3A6/P3V52Lt6dn4N1HNz9G lm05SZblLQ4wqYjPtuBp1uvRqvQtQlZlkUsjqM75lCsUAVATNfgPNAsl1hxPYSam1K5aH7VPdxkh BThfTqejh446X2DeX4xtCb9HThmBSYG8NxgUEnmPrhh4g3mXQk5rTliHqpOwewEET71RMv0HaNqG 3nKE4Mo9RKRERi/+IieP0LED92JjQaEdlj1TA/lenuVNuFTaZzWPzn5ZzLoMzzUGT5fOi2NOBqrN hPT8cq4QYwske0azWQInFL7jcw9nTLMT4Nix5l8B2881wwrZYO7tpTSz6IACc3yiVC6EldJF1Fap nOTdnjkzilDXLpkKGAgmI0k2ap5atDF8Ys4LmRSTFpdG9gw7ZrY82drWFQfHXHls1sQkkgXqRIea 7EG4G+nI1g4OBieI2aZI0G5vIR34LcgkCdDSZlsjCEANQxJVnLMiEAzy3UDWgg/Pw64nzLwqCdXm Pisw34hB5rfCWI33V28vz+JIjUxhAZxGQJxW7ZagLNCTyNnAVG8CDSl9rPP5b4y5/X7I3iPpkZOm oxrfLvsofTufDArHlefwU3mJoaJOopLNSJ8UsCHVwg1Zo68p5JmPXvSafQF+Qh7RGLpknU6ooipX Hn4/sxuquJKXtybSu8bwgU1JwRZwDeR54WxYYNy9kO8oE/cgPcnkONITlqAYkdVuT/cBBxoORy3Z TWfXZKdZ64DAWq12A9LweT4AOw1T6iK1mL3Fam82xMRWx5bzW3e9B9ZicUlwyAGMO+ROA+T4w2CR IF9WLSGvAtBDqn1amTa9QUd/pPaM2ZJTgKR1kqc4cPxJd3wM31pohP5jxRDJpmxqmYQhniorlSwk VfYPgX81El3L0cQt5Fpo0FcHo+SsUUhfL9WWdyWTCLUpLLQSMlOpR0I3P241FsvG9UjEVLymQEqS nLrMIFM9nBf866/d6Zl3mKvI0XCaBxamTOIiSHzTd2d2hIsKNJ3Mk0oDWnFHMyU4OH6ZonH8fvOQ 2LS2kH+mtY+Ijr16q1Zv2dQmn83HdrcEXeM4126G/eOA20cGVmt9ZtjqNHiPENBb6UsRv5CL+dPF PFv8SZDTT2rcozDy36ItSQ0PTUSXw8QvOU6XZBdvRjk6PboF6bOMqmYDrwRF+czwyTWgyp/4+FON DXhgifpDV40NuS0bGfRqdNAdzqqM6uSwcxk58BKRIwce7t7s6QwBkHxmkxh91h0Hu7V2XemOVqO2 p5mW+bR4l0EiHicDEs2uJRv/uxzioZ88El6sYZhkRzvrddECBETirdYwsxBgfXaUXrufR2tOxE+4 ARaXVroJ5sbt0Y2QF8ClmyEn9g5ts8B7tGOvw90GRdogLtaKNWEsXob6ctDfweSkZWdA6jZs5dpv bz9T9XKlq/rxzx3w1e1o9zbnSi38EkLecdGQPLPU35W1BieaR252R2Ou9BF24wU8BMQWLxzl+EKI M32I366lnHcZ7F2l9EaYYSuuOTLrLa07qnLZxhoR0h6Fm1FQfxRqSFiDFG5KRIdUo9M31o6gFslu Rgk9kj0jMpZy6RZEdck6mlBcnxR/IdkaJZoiXWeqC0EkvE6UKeeeauoxZJWw/ZfjlY4MXCz70PAf Zpb/xxq9QBdEJMRTDWKZLGcBDMrIejfJBg46PkOA2hB7RWrf7w/n6zN8Q4aGU+Gard5S9a/J5C3V hjXYu/n1r83YXanqJ7J0c+r+TGZuEQNXWLO2gdag9e3fbGN01eVc0B4N7/WPW9JljdGSbVibJVqy HWsxQ4u0YY026IrVP5kBmlv/Z7M+y9qdhHpcyfR0i4asT0pT2sAMZO1dkYEsRfDlZoN8tfhAZuX1 8Hx8O4HASwjYTL71kj9GHkql/BDchByPaSgUr88x3BaB21Bc6TT+5t3r61fnF3ixQGoTaBbFh19V Q0++Oz+Ff8vnoDa8JyEUTbu9X2scqgFp1GsNTdNjecfEMFD3sHMZ3ZffU7A/NJYb8Obk1flLmFQ8 edyPc+40KgiyVKbgsPchgZsrQvksx2SwakAzAmnrz3ef/5KcvDuHqyjYqwB1ez9Vrb0ZjoaLBwty hZ96LSn5o5py3/2fySxhNr4E5VV2VxI0HPuC+AWJh66Zq61hOqZtYfhpPE0HkifsgJ5Azvt/f3Vy cXpyeZpdixIJ27r4BHA73px5hKikItZDwQ4rQWpJzgZqy1eKhglrVxwvjNXxWkSQi5KC+gOAxw3G veFgnvAUpOG+PH97eX5l+KwyJQNh4Ww4mallYVtkh/vRopIKR7aX65w6NcofEhQjFI1KV4IQzeMI 4lF6e2U0TH7jlCAzw40gM0qPF0VInHI/StB8eQ8cB46gjXezycdhX80Jpp1GLO980IPIEMc9YHIl lK5XSe/Nhojs5HqRTp8yMbf3TJ6BY49X4audjtrYhgu2JsLZA9xHshMFMDX8corqUTD4pjZ1bGCj WWupBu7v1uyFOhJonF+cX2kfFc4O+ICVDdgZtcRpVQ33ONVWngDFni5CEhxguZbf5pAEM9t1fXen 3k7q+0d7h0fN8iTBAcbrvb0vmSSYyN4M15uaW2OYXMx4DauftxRkvfYIsf2vEZ7xyiMNBrjbuxRD sKCG1aH/LmGsJKql8G80b+mXJOeW9/HIcfuclUPnw+Bhwz5nr9npKQklhkrwhDAbO8R8QUJafq4Q Ly0/W4Bx9k+q2cLywlSzlvecMi1DGgjeJT5wBqvUWMIO+sKErrKub1Eq55Y4R/3JgPFZGTCcEOHf N8XD8VNwPOh+nhpHBsW/0piwK0x9xKnAuK8TyA6fzIcQZTYkMLCADj/X07ldR7Ja+rWOWJLj300o xfHvKJYiNSp/IsZ760eM40qCgzEYMYPx8l5Z01HbdDkMJa6AT0O2KHy+ug2qS0vbs3HU+KITVHi2 Jxz6HuaLwX0kO8V80R8Nb+LZKcKpKAKpJCK2J7UJU0w0UikmdNoGNBbCGR1kuof/h3wOlA6vpmZm lX5B+60SpxBpumqybPehheUdQckctTtuavexLsfHhY0R81DFVH06AQ3VZ8tjCDwR38xsIPrZxcvL H99dnZ0ahyED9imCiDH7//63BairCvh6nLnR37x/9f7q5OqsY2Q5XHCVP0IYSCkC2mC7ijDRBptQ iZDR6rfMJLSq/ctRH/n6lel4q76iVJaVJAn2l75akZq/Timc6iaHk0gIeTu8A0cRTOWMRNX+ksnM IRh/OCtxILw3Jrl8pqN34C6FPtv5rhfiMqDeHWI2PP79ZNnw3npZ7IqkwHNOZ5S9rpojp8g5z+TB 02rgJRBOgNaZD0wWXHNkM0H7umM6bB3fMpx3Je9Hz+ckeAQF5mpBmGWC7X81uigjH16WcRNwuMVS ytl0cisaNynHWuOo/mU71pCBDP9vYxRQXWxuc4jCh8ED3E9viWOUeEgqga207pEgNP/hgO4x0sUS 3dwWi3Or6CrniuNyCq9y8ErLTHT2uL/wfN4Y+LEHA4r/T1k26oXDwpMxH9/bfzupc81hex0bwnHJ HeH496O8j59Oex+Lm/b/A14x2RvxCgEA --Apple-Mail-2-364112784-- From donny.viszneki@gmail.com Sat May 12 07:49:50 2007 From: donny.viszneki@gmail.com (Donny Viszneki) Date: Sat, 12 May 2007 02:49:50 -0400 Subject: [OTR-dev] Verifies that Alice's gy is a legal value... Message-ID: <44acbb800705112349h183d2038k6e09e0c2effd5e03@mail.gmail.com> I've been working on writing my own complete implementation of OTR version 2 including implementing all of the functionality it depends on from libgcrypt. I'm not retarded, but my background isn't in cryptography or math. So I have a pretty simple question that probably anyone on the list could tell me. In the OTR protocol version 2 description, a "modulus-2" function is referenced twice: Verifies that Alice's gy is a legal value (2 <= gy <= modulus-2) Verifies that Bob's gx is a legal value (2 <= gx <= modulus-2) What is this function? I can't seem to find any information on it. Every time I need a break from other OTR-related work, I decided to look around for it some more. Now I've finally decided to just ask the list. So what's the answer?! From ian@cypherpunks.ca Sat May 12 16:13:08 2007 From: ian@cypherpunks.ca (Ian Goldberg) Date: Sat, 12 May 2007 11:13:08 -0400 Subject: [OTR-dev] Verifies that Alice's gy is a legal value... In-Reply-To: <44acbb800705112349h183d2038k6e09e0c2effd5e03@mail.gmail.com> References: <44acbb800705112349h183d2038k6e09e0c2effd5e03@mail.gmail.com> Message-ID: <20070512151308.GM6184@yoink.cs.uwaterloo.ca> On Sat, May 12, 2007 at 02:49:50AM -0400, Donny Viszneki wrote: > I've been working on writing my own complete implementation of OTR > version 2 including implementing all of the functionality it depends > on from libgcrypt. Wow; that's cool (if a little dangerous, if your background isn't in crypto or math). What language are you writing in? > I'm not retarded, but my background isn't in cryptography or math. So > I have a pretty simple question that probably anyone on the list could > tell me. > > In the OTR protocol version 2 description, a "modulus-2" function is > referenced twice: > > Verifies that Alice's gy is a legal value (2 <= gy <= modulus-2) > Verifies that Bob's gx is a legal value (2 <= gx <= modulus-2) > > What is this function? I can't seem to find any information on it. > Every time I need a break from other OTR-related work, I decided to > look around for it some more. Now I've finally decided to just ask the > list. So what's the answer?! "modulus" is the modulus being used for the Diffie-Hellman calculation (the 1536-bit value listed under "Encoded Messages" in the spec). "modulus-2" is the modulus, minus 2. The reason to check that gx and gy are in that range is because all of those values have large order ((p-1)/2 or (p-1)). Values outside that range (like 1 and modulus-1) can have small order (1 or 2, respectively). Small order is Bad for Diffie-Hellman. Hope that helps, - Ian From donny.viszneki@gmail.com Sat May 12 18:10:49 2007 From: donny.viszneki@gmail.com (Donny Viszneki) Date: Sat, 12 May 2007 13:10:49 -0400 Subject: [OTR-dev] Verifies that Alice's gy is a legal value... In-Reply-To: <20070512151308.GM6184@yoink.cs.uwaterloo.ca> References: <44acbb800705112349h183d2038k6e09e0c2effd5e03@mail.gmail.com> <20070512151308.GM6184@yoink.cs.uwaterloo.ca> Message-ID: <44acbb800705121010k2bbfdaepc8cbc6254b086911@mail.gmail.com> On 5/12/07, Ian Goldberg wrote: > On Sat, May 12, 2007 at 02:49:50AM -0400, Donny Viszneki wrote: > > I've been working on writing my own complete implementation of OTR > > version 2 including implementing all of the functionality it depends > > on from libgcrypt. > > Wow; that's cool (if a little dangerous, if your background isn't in > crypto or math). What language are you writing in? That information is top-secret. > > I'm not retarded, but my background isn't in cryptography or math. So > > I have a pretty simple question that probably anyone on the list could > > tell me. > > > > In the OTR protocol version 2 description, a "modulus-2" function is > > referenced twice: > > > > Verifies that Alice's gy is a legal value (2 <= gy <= modulus-2) > > Verifies that Bob's gx is a legal value (2 <= gx <= modulus-2) > > > > What is this function? I can't seem to find any information on it. > > Every time I need a break from other OTR-related work, I decided to > > look around for it some more. Now I've finally decided to just ask the > > list. So what's the answer?! > > "modulus" is the modulus being used for the Diffie-Hellman calculation > (the 1536-bit value listed under "Encoded Messages" in the spec). > "modulus-2" is the modulus, minus 2. The reason to check that gx and gy > are in that range is because all of those values have large order > ((p-1)/2 or (p-1)). Values outside that range (like 1 and modulus-1) > can have small order (1 or 2, respectively). Small order is Bad for > Diffie-Hellman. That's hilarious. I had three people tell me this was NOT what was meant by "Modulus-2." How disappointing. Thanks so much for your help Ian. > Hope that helps, > > - Ian > _______________________________________________ > OTR-dev mailing list > OTR-dev@lists.cypherpunks.ca > http://lists.cypherpunks.ca/mailman/listinfo/otr-dev > From rabbi@abditum.com Sat May 12 18:58:31 2007 From: rabbi@abditum.com (Len Sassaman) Date: Sat, 12 May 2007 10:58:31 -0700 (PDT) Subject: [OTR-dev] Verifies that Alice's gy is a legal value... In-Reply-To: <44acbb800705121010k2bbfdaepc8cbc6254b086911@mail.gmail.com> References: <44acbb800705112349h183d2038k6e09e0c2effd5e03@mail.gmail.com> <20070512151308.GM6184@yoink.cs.uwaterloo.ca> <44acbb800705121010k2bbfdaepc8cbc6254b086911@mail.gmail.com> Message-ID: On Sat, 12 May 2007, Donny Viszneki wrote: > That's hilarious. I had three people tell me this was NOT what was > meant by "Modulus-2." How disappointing. Thanks so much for your help > Ian. That's probably worth throwing into a comment in the code somewhere appropriate, since even though I know better, "modulus-2" reads as "modulus dash two" to me, which could mean any number of things. Is anyone keeping a collection of questions that independent implemetors are asking? I'd be particularly interested in what Evan had to ask about -- these questions might be a good basis for an implementor FAQ or areas of clarification in the spec / library docs / code. --Len. From alex323@gmail.com Fri May 18 23:14:13 2007 From: alex323@gmail.com (Alex) Date: Fri, 18 May 2007 18:14:13 -0400 Subject: [OTR-dev] Configure script problem Message-ID: <20070518181413.22293070@darwin> --MP_P5XXVdgViRkh/v/XEZj1PdB Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Disposition: inline Hello. The configure script for gaim-otr (pidgin-otr?) located at http://www.cypherpunks.ca/otr/gaim-otr-3.0.0.tar.gz uses pkg-config to check to make sure gaim is installed. When using pidgin, this does not work (as the package name is "pidgin" and not "gaim"). Attached are my changes to the file (only changed the pkg-config related stuff, not the package name, gaim-otr). -- Alex --MP_P5XXVdgViRkh/v/XEZj1PdB Content-Type: text/x-patch; name=configure.diff Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename=configure.diff --- gaim-otr-3.0.0/configure 2005-11-02 17:26:14.000000000 -0500 +++ configure 2007-05-18 18:10:30.000000000 -0400 @@ -19458,23 +19458,23 @@ else PKG_CONFIG_MIN_VERSION=3D0.9.0 if $PKG_CONFIG --atleast-pkgconfig-version $PKG_CONFIG_MIN_VERSION; t= hen - echo "$as_me:$LINENO: checking for glib-2.0 >=3D 2.4 gtk+-2.0 >=3D= 2.4 gaim >=3D 1.0" >&5 -echo $ECHO_N "checking for glib-2.0 >=3D 2.4 gtk+-2.0 >=3D 2.4 gaim >=3D 1= .0... $ECHO_C" >&6 + echo "$as_me:$LINENO: checking for glib-2.0 >=3D 2.4 gtk+-2.0 >=3D= 2.4 pidgin >=3D 1.0" >&5 +echo $ECHO_N "checking for glib-2.0 >=3D 2.4 gtk+-2.0 >=3D 2.4 pidgin >=3D= 1.0... $ECHO_C" >&6 =20 - if $PKG_CONFIG --exists "glib-2.0 >=3D 2.4 gtk+-2.0 >=3D 2.4 gaim = >=3D 1.0" ; then + if $PKG_CONFIG --exists "glib-2.0 >=3D 2.4 gtk+-2.0 >=3D 2.4 pidgi= n >=3D 1.0" ; then echo "$as_me:$LINENO: result: yes" >&5 echo "${ECHO_T}yes" >&6 succeeded=3Dyes =20 echo "$as_me:$LINENO: checking EXTRA_CFLAGS" >&5 echo $ECHO_N "checking EXTRA_CFLAGS... $ECHO_C" >&6 - EXTRA_CFLAGS=3D`$PKG_CONFIG --cflags "glib-2.0 >=3D 2.4 gtk+-2= .0 >=3D 2.4 gaim >=3D 1.0"` + EXTRA_CFLAGS=3D`$PKG_CONFIG --cflags "glib-2.0 >=3D 2.4 gtk+-2= .0 >=3D 2.4 pidgin >=3D 1.0"` echo "$as_me:$LINENO: result: $EXTRA_CFLAGS" >&5 echo "${ECHO_T}$EXTRA_CFLAGS" >&6 =20 echo "$as_me:$LINENO: checking EXTRA_LIBS" >&5 echo $ECHO_N "checking EXTRA_LIBS... $ECHO_C" >&6 - EXTRA_LIBS=3D`$PKG_CONFIG --libs "glib-2.0 >=3D 2.4 gtk+-2.0 >= =3D 2.4 gaim >=3D 1.0"` + EXTRA_LIBS=3D`$PKG_CONFIG --libs "glib-2.0 >=3D 2.4 gtk+-2.0 >= =3D 2.4 pidgin >=3D 1.0"` echo "$as_me:$LINENO: result: $EXTRA_LIBS" >&5 echo "${ECHO_T}$EXTRA_LIBS" >&6 else @@ -19482,7 +19482,7 @@ EXTRA_LIBS=3D"" ## If we have a custom action on failure, don't print errors, = but ## do set a variable so people can do so. - EXTRA_PKG_ERRORS=3D`$PKG_CONFIG --errors-to-stdout --print-err= ors "glib-2.0 >=3D 2.4 gtk+-2.0 >=3D 2.4 gaim >=3D 1.0"` + EXTRA_PKG_ERRORS=3D`$PKG_CONFIG --errors-to-stdout --print-err= ors "glib-2.0 >=3D 2.4 gtk+-2.0 >=3D 2.4 pidgin >=3D 1.0"` =20 fi =20 @@ -19499,7 +19499,7 @@ else { { echo "$as_me:$LINENO: error: glib" >&5 echo "$as_me: error: glib" >&2;} - { (exit gtk and gaim required); exit gtk and gaim required; }; } + { (exit gtk and pidgin required); exit gtk and pidgin required; }; } fi =20 =20 --MP_P5XXVdgViRkh/v/XEZj1PdB-- From alex323@gmail.com Sat May 19 02:57:58 2007 From: alex323@gmail.com (Alex) Date: Fri, 18 May 2007 21:57:58 -0400 Subject: [OTR-dev] Re: Configure script problem In-Reply-To: <20070518181413.22293070@darwin> References: <20070518181413.22293070@darwin> Message-ID: <20070518215758.2919cb5b@darwin> On Fri, 18 May 2007 18:14:13 -0400 Alex wrote: > Hello. The configure script for gaim-otr (pidgin-otr?) located at > http://www.cypherpunks.ca/otr/gaim-otr-3.0.0.tar.gz uses pkg-config to > check to make sure gaim is installed. When using pidgin, this does not > work (as the package name is "pidgin" and not "gaim"). Attached are my > changes to the file (only changed the pkg-config related stuff, not > the package name, gaim-otr). > *sigh* CVS worked, but the link on the home page is misleading. It is labeled as Pidgin but is for gaim. -- Alex From paul@cypherpunks.ca Tue May 22 15:13:07 2007 From: paul@cypherpunks.ca (Paul Wouters) Date: Tue, 22 May 2007 10:13:07 -0400 (EDT) Subject: [OTR-dev] Re: Configure script problem In-Reply-To: <20070518215758.2919cb5b@darwin> References: <20070518181413.22293070@darwin> <20070518215758.2919cb5b@darwin> Message-ID: On Fri, 18 May 2007, Alex wrote: > *sigh* CVS worked, but the link on the home page is misleading. Yes. The gaim->pidgin changes should really have warranted a new release. I completely agree. Paul From mimosius@gmx.de Wed May 23 19:20:30 2007 From: mimosius@gmx.de (Glen Masgai) Date: Wed, 23 May 2007 20:20:30 +0200 Subject: [OTR-dev] pidgin-otr alias patch Message-ID: <465485EE.3060308@gmx.de> This is a multi-part message in MIME format. --------------090105060006000502030407 Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: 7bit Hi, I've made a patch which enables the usage of alias names instead of registration id's (ICQ uin e.g.), so key management should be much simpler and the messages in the conversation window more user friendly. The patch was made against the CVS version. Would someone of the developers review this patch and add it to the CVS? Regards, Glen Masgai --------------090105060006000502030407 Content-Type: text/x-patch; name="pidgin-otr-add-alias.diff" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="pidgin-otr-add-alias.diff" diff -urwp pidgin-otr-svn/gtk-dialog.c pidgin-otr-3.0.1/gtk-dialog.c --- pidgin-otr-svn/gtk-dialog.c 2007-05-23 17:50:47.000000000 +0200 +++ pidgin-otr-3.0.1/gtk-dialog.c 2007-05-23 17:59:51.000000000 +0200 @@ -990,10 +990,13 @@ static GtkWidget* otrg_gtk_dialog_view_s GtkWidget *dialog; unsigned char *sessionid; char sess1[21], sess2[21]; - char *primary = g_strdup_printf("Private connection with %s " - "established.", context->username); + char *primary; char *secondary; int i; + PurpleAccount *account = purple_accounts_find(context->accountname, context->protocol); + const char *alias = otrg_plugin_get_buddy_alias(account, context->username); + primary = g_strdup_printf("Private connection with %s " + "established.", alias ? alias : context->username); OtrlSessionIdHalf whichhalf = context->sessionid_half; size_t idhalflen = (context->sessionid_len) / 2; @@ -1097,6 +1100,9 @@ static void add_vrfy_fingerprint(GtkWidg struct vrfy_fingerprint_data *vfd = data; char *labelt; int verified = 0; + PurpleAccount *account = purple_accounts_find(vfd->accountname, + vfd->protocol); + const char *alias = otrg_plugin_get_buddy_alias(account, vfd->username); if (vfd->fprint->trust && vfd->fprint->trust[0]) { verified = 1; @@ -1117,7 +1123,7 @@ static void add_vrfy_fingerprint(GtkWidg hbox = gtk_hbox_new(FALSE, 0); labelt = g_strdup_printf("fingerprint for %s.", - vfd->username); + alias ? alias : vfd->username); label = gtk_label_new(labelt); g_free(labelt); gtk_box_pack_start(GTK_BOX(hbox), label, FALSE, FALSE, 0); @@ -1161,8 +1167,13 @@ static void otrg_gtk_dialog_verify_finge context = fprint->context; if (context == NULL) return; - primary = g_strdup_printf("Verify fingerprint for %s", + PurpleAccount *account = purple_accounts_find(context->accountname, context->protocol); + const char *alias = otrg_plugin_get_account_alias(account); + const char *buddyalias = otrg_plugin_get_buddy_alias(account, context->username); + + primary = g_strdup_printf("Verify fingerprint for %s", + buddyalias ? buddyalias : context->username); vfd = vrfy_fingerprint_data_new(fprint); otrl_privkey_fingerprint(otrg_plugin_userstate, our_hash, @@ -1173,8 +1184,9 @@ static void otrg_gtk_dialog_verify_finge p = purple_find_prpl(context->protocol); proto_name = (p && p->info->name) ? p->info->name : "Unknown"; secondary = g_strdup_printf("Fingerprint for you, %s (%s):\n%s\n\n" - "Purported fingerprint for %s:\n%s\n", context->accountname, - proto_name, our_hash, context->username, their_hash); + "Purported fingerprint for %s:\n%s\n", + alias ? alias : context->accountname, proto_name, our_hash, + buddyalias ? buddyalias : context->username, their_hash); dialog = create_dialog(PURPLE_NOTIFY_MSG_INFO, "Verify fingerprint", primary, secondary, 1, NULL, add_vrfy_fingerprint, vfd); @@ -1191,10 +1203,15 @@ static void otrg_gtk_dialog_connected(Co PurpleConversation *conv; char *buf; TrustLevel level; + PurpleAccount *account; conv = otrg_plugin_context_to_conv(context, 1); level = otrg_plugin_context_to_trust(context); + account = purple_conversation_get_account(conv); + const char* alias = otrg_plugin_get_buddy_alias(account, + context->username); + buf = g_strdup_printf("%s conversation with %s started.%s", level == TRUST_PRIVATE ? "Private" : level == TRUST_UNVERIFIED ? "username, context->protocol_version == 1 ? " Warning: using old " "protocol version 1." : ""); @@ -1217,11 +1234,15 @@ static void otrg_gtk_dialog_disconnected { PurpleConversation *conv; char *buf; + PurpleAccount *account; conv = otrg_plugin_context_to_conv(context, 1); + account = purple_conversation_get_account(conv); + const char* alias = otrg_plugin_get_buddy_alias(account, + context->username); buf = g_strdup_printf("Private conversation with %s lost.", - purple_conversation_get_name(conv)); + alias ? alias : context->username); purple_conversation_write(conv, NULL, buf, PURPLE_MESSAGE_SYSTEM, time(NULL)); g_free(buf); @@ -1244,8 +1265,10 @@ static void otrg_gtk_dialog_finished(con conv = purple_find_conversation_with_account(PURPLE_CONV_TYPE_IM, username, account); if (!conv) return; + const char *alias = otrg_plugin_get_buddy_alias(account, username); + buf = g_strdup_printf("%s has ended his private conversation with you; " - "you should do the same.", purple_conversation_get_name(conv)); + "you should do the same.", alias ? alias : username); purple_conversation_write(conv, NULL, buf, PURPLE_MESSAGE_SYSTEM, time(NULL)); g_free(buf); @@ -1256,6 +1279,7 @@ static void otrg_gtk_dialog_finished(con * our state to change (because it was just the keys we knew already). */ static void otrg_gtk_dialog_stillconnected(ConnContext *context) { + PurpleAccount *account; PurpleConversation *conv; char *buf; TrustLevel level; @@ -1263,6 +1287,10 @@ static void otrg_gtk_dialog_stillconnect conv = otrg_plugin_context_to_conv(context, 1); level = otrg_plugin_context_to_trust(context); + account = purple_conversation_get_account(conv); + const char* alias = otrg_plugin_get_buddy_alias(account, + context->username); + buf = g_strdup_printf("Successfully refreshed the %s conversation " "with %s.%s", level == TRUST_PRIVATE ? "private" : @@ -1271,7 +1299,7 @@ static void otrg_gtk_dialog_stillconnect /* This last case should never happen, since we know * we're in ENCRYPTED. */ "not private", - purple_conversation_get_name(conv), + alias ? alias : context->username, context->protocol_version == 1 ? " Warning: using old " "protocol version 1." : ""); @@ -1288,13 +1316,16 @@ static void otrg_gtk_dialog_clicked_conn const char *format; char *buf; PurpleConversation *conv = data; + PurpleAccount *account=purple_conversation_get_account(data); + const char *username=purple_conversation_get_name(conv); + const char *alias=otrg_plugin_get_buddy_alias(account,username); if (purple_conversation_get_data(conv, "otr-private")) { format = "Attempting to refresh the private conversation with %s..."; } else { format = "Attempting to start a private conversation with %s..."; } - buf = g_strdup_printf(format, purple_conversation_get_name(conv)); + buf = g_strdup_printf(format, alias ? alias : username); purple_conversation_write(conv, NULL, buf, PURPLE_MESSAGE_SYSTEM, time(NULL)); g_free(buf); diff -urwp pidgin-otr-svn/gtk-ui.c pidgin-otr-3.0.1/gtk-ui.c --- pidgin-otr-svn/gtk-ui.c 2007-05-23 17:50:47.000000000 +0200 +++ pidgin-otr-3.0.1/gtk-ui.c 2007-05-23 17:51:15.000000000 +0200 @@ -173,10 +173,15 @@ static void otrg_gtk_ui_update_keylist(v PurplePlugin *p; char *proto_name; fingerprint = context->fingerprint_root.next; + PurpleAccount *account = purple_accounts_find(context->accountname, + context->protocol); + const char *alias = otrg_plugin_get_account_alias(account); + const char *buddyalias = otrg_plugin_get_buddy_alias(account, + context->username); /* If there's no fingerprint, don't add it to the known * fingerprints list */ while(fingerprint) { - titles[0] = context->username; + titles[0] = buddyalias ? buddyalias : context->username; if (context->msgstate == OTRL_MSGSTATE_ENCRYPTED && context->active_fingerprint != fingerprint) { titles[1] = "Unused"; @@ -190,8 +195,8 @@ static void otrg_gtk_ui_update_keylist(v titles[3] = hash; p = purple_find_prpl(context->protocol); proto_name = (p && p->info->name) ? p->info->name : "Unknown"; - titles[4] = g_strdup_printf("%s (%s)", context->accountname, - proto_name); + titles[4] = g_strdup_printf("%s (%s)", alias ? + alias : context->accountname,proto_name); i = gtk_clist_append(GTK_CLIST(keylist), titles); g_free(titles[4]); gtk_clist_set_row_data(GTK_CLIST(keylist), i, fingerprint); diff -urwp pidgin-otr-svn/otr-plugin.c pidgin-otr-3.0.1/otr-plugin.c --- pidgin-otr-svn/otr-plugin.c 2007-05-23 17:50:47.000000000 +0200 +++ pidgin-otr-3.0.1/otr-plugin.c 2007-05-23 17:51:15.000000000 +0200 @@ -466,6 +466,29 @@ void otrg_plugin_write_fingerprints(void fclose(storef); } +/* Get the buddy alias */ +const char* otrg_plugin_get_buddy_alias(PurpleAccount *account, const char *username) +{ + PurpleBuddy *buddy; + + if (account && username) { + buddy=purple_find_buddy(account, username); + if (buddy) + return purple_buddy_get_alias(buddy); + } + + return NULL; +} + +/* Get the account alias */ +const char* otrg_plugin_get_account_alias(PurpleAccount *account) +{ + if (account) + return purple_account_get_alias(account); + + return NULL; +} + /* Find the ConnContext appropriate to a given PurpleConversation. */ ConnContext *otrg_plugin_conv_to_context(PurpleConversation *conv) { diff -urwp pidgin-otr-svn/otr-plugin.h pidgin-otr-3.0.1/otr-plugin.h --- pidgin-otr-svn/otr-plugin.h 2007-05-23 17:50:47.000000000 +0200 +++ pidgin-otr-3.0.1/otr-plugin.h 2007-05-23 17:51:15.000000000 +0200 @@ -61,6 +61,12 @@ void otrg_plugin_disconnect(ConnContext /* Write the fingerprints to disk. */ void otrg_plugin_write_fingerprints(void); +/* Get the buddy alias */ +const char* otrg_plugin_get_buddy_alias(PurpleAccount *account, const char *username); + +/* Get the account alias */ +const char* otrg_plugin_get_account_alias(PurpleAccount *account); + /* Find the ConnContext appropriate to a given PurpleConversation. */ ConnContext *otrg_plugin_conv_to_context(PurpleConversation *conv); --------------090105060006000502030407-- From timg10@gmx.net Fri May 25 10:57:38 2007 From: timg10@gmx.net (Tim) Date: Fri, 25 May 2007 11:57:38 +0200 Subject: [OTR-dev] session termination Message-ID: <4656B312.4060604@gmx.net> Hello, I want to bring up the session termination bug one more time (see Scott Ellis' mails for details). Shouldn't it be quite easy to write a patch for the Gaim/Pidgin plugin in order to make it stop an OTR session as soon as one user goes offline? I recently read a bit of the plugin's source code, but since I haven't read Gaim's source code yet, I would need quite some time to do it myself. So I'm asking if anyone of you is willing to write a patch. You would have it done within a few minutes, I guess. It could remain inofficial, but it would make OTR usable for me and my friends. Right now we have disabled our OTR plugins because that bug is so annoying... Tim From paul@cypherpunks.ca Fri May 25 16:48:22 2007 From: paul@cypherpunks.ca (Paul Wouters) Date: Fri, 25 May 2007 11:48:22 -0400 (EDT) Subject: [OTR-dev] session termination In-Reply-To: <4656B312.4060604@gmx.net> References: <4656B312.4060604@gmx.net> Message-ID: On Fri, 25 May 2007, Tim wrote: > I want to bring up the session termination bug one more time (see Scott > Ellis' mails for details). > Shouldn't it be quite easy to write a patch for the Gaim/Pidgin plugin > in order to make it stop an OTR session as soon as one user goes offline? > I recently read a bit of the plugin's source code, but since I haven't > read Gaim's source code yet, I would need quite some time to do it myself. > So I'm asking if anyone of you is willing to write a patch. You would > have it done within a few minutes, I guess. It could remain inofficial, > but it would make OTR usable for me and my friends. > Right now we have disabled our OTR plugins because that bug is so > annoying... With people hopping on and off the net on different IP's, I wouldn't want to restart an OTR session everytime that happens. Net connectivity isnt so much what should "end" your OTR session. It's the user deciding they won't talk to you long enough to justify closing the secure channel. I'm not sure what the exact bug is you are experiencing. If it is th "talking while user is gone" bug, then I agree I would like to see a better message then just a quote or the garbliegoo we send. According to Ian, that currently doesn't go through gaim-otr, so we can't really filter it from gaim-otr. Paul From timg10@gmx.net Fri May 25 17:52:09 2007 From: timg10@gmx.net (Tim) Date: Fri, 25 May 2007 18:52:09 +0200 Subject: [OTR-dev] session termination In-Reply-To: References: <4656B312.4060604@gmx.net> Message-ID: <46571439.6050309@gmx.net> The bug I mean is the Miranda - Gaim session termination bug. It occurs when the Miranda user exits the Miranda program, i.e.goes offline. The Miranda OTR plugin doesn't send a session termination message as the Gaim plugin does. According to Scott Ellis (the programmer of the Miranda plugin) it's not possible to send such a message because of Miranda's infrastructure. So the Gaim OTR plugin doesn't know the Miranda user is offline and continues sending encrypted messages (which are then stored on the ICQ or Jabber server until the Miranda user goes back online). If I understood correctly, this is the desired behaviour. This is fine as long as the user went offline because he lost his internet connection, but keeps his IM program running, so he still has his session keys in memory. But if he exits the program the keys will be gone and he can't decrypt the messages which are stored on the ICQ servers any more. I assume the same thing will happen if both communication partners use Gaim. If communication partner now looses his internet connection and then exits Gaim, he will lose the session keys as well and thus his offline messages. In my opinion a message transport protocol should above all be reliable. The bug I described makes instant messaging with OTR unreliable, because one can't be certain all the messages sent can be read. That's why I wanted a change in the Gaim plugin's behaviour. (And in the proxy as well, I just noticed that it acts identically). Don't think this bug occurs rarely: It happened to me almost every day. I don't know how it is in other countries, but here in Germany most internet providers let their customers keep their IP address for 24 hours, so unintended "IP hops" are quite seldom. At least I don't tend to chat for more than 24 hours ;). - Tim Paul Wouters schrieb: > On Fri, 25 May 2007, Tim wrote: > > >> I want to bring up the session termination bug one more time (see Scott >> Ellis' mails for details). >> Shouldn't it be quite easy to write a patch for the Gaim/Pidgin plugin >> in order to make it stop an OTR session as soon as one user goes offline? >> I recently read a bit of the plugin's source code, but since I haven't >> read Gaim's source code yet, I would need quite some time to do it myself. >> So I'm asking if anyone of you is willing to write a patch. You would >> have it done within a few minutes, I guess. It could remain inofficial, >> but it would make OTR usable for me and my friends. >> Right now we have disabled our OTR plugins because that bug is so >> annoying... >> > > With people hopping on and off the net on different IP's, I wouldn't > want to restart an OTR session everytime that happens. > > Net connectivity isnt so much what should "end" your OTR session. It's > the user deciding they won't talk to you long enough to justify closing > the secure channel. > > I'm not sure what the exact bug is you are experiencing. If it is th > "talking while user is gone" bug, then I agree I would like to see > a better message then just a quote or the garbliegoo we send. According > to Ian, that currently doesn't go through gaim-otr, so we can't really > filter it from gaim-otr. > > Paul > > _______________________________________________ > OTR-dev mailing list > OTR-dev@lists.cypherpunks.ca > http://lists.cypherpunks.ca/mailman/listinfo/otr-dev > > From paul@cypherpunks.ca Fri May 25 23:09:34 2007 From: paul@cypherpunks.ca (Paul Wouters) Date: Fri, 25 May 2007 18:09:34 -0400 (EDT) Subject: [OTR-dev] session termination In-Reply-To: <46571439.6050309@gmx.net> References: <4656B312.4060604@gmx.net> <46571439.6050309@gmx.net> Message-ID: On Fri, 25 May 2007, Tim wrote: > I assume the same thing will happen if both communication partners use > Gaim. If communication partner now looses his internet connection and > then exits Gaim, he will lose the session keys as well and thus his > offline messages. > > In my opinion a message transport protocol should above all be reliable. > The bug I described makes instant messaging with OTR unreliable, because > one can't be certain all the messages sent can be read. It is still reliable, in that when the user comes online, OTR kickstarts and (assuming the queue didnt fill up) will detect unreadable messages, and will perform a resend. I know this works fine for me. If you send me a message when offline, when I come online, gaim-otr detects an unreadable message re-initiates otr. The gaim on the other end will then resend the message. So, I think you are being bitten by a Miranda specific bug. Feel free to install Gaim for windows and proof me wrong (at letoams@jabber.xs4all.nl) Paul From timg10@gmx.net Sat May 26 02:16:31 2007 From: timg10@gmx.net (Tim) Date: Sat, 26 May 2007 03:16:31 +0200 Subject: [OTR-dev] session termination In-Reply-To: References: <4656B312.4060604@gmx.net> <46571439.6050309@gmx.net> Message-ID: <46578A6F.1010708@gmx.net> Hi Paul, ok, I installed Pidgin and OTR for Windows and added you - let's see if it works. What will happen when you send me messages I can't decrypt and then you go offline? - no chance for a resent then. Tim Paul Wouters schrieb: > On Fri, 25 May 2007, Tim wrote: > > >> I assume the same thing will happen if both communication partners use >> Gaim. If communication partner now looses his internet connection and >> then exits Gaim, he will lose the session keys as well and thus his >> offline messages. >> >> In my opinion a message transport protocol should above all be reliable. >> The bug I described makes instant messaging with OTR unreliable, because >> one can't be certain all the messages sent can be read. >> > > It is still reliable, in that when the user comes online, OTR kickstarts > and (assuming the queue didnt fill up) will detect unreadable messages, > and will perform a resend. I know this works fine for me. If you send me > a message when offline, when I come online, gaim-otr detects an unreadable > message re-initiates otr. The gaim on the other end will then resend the > message. > > So, I think you are being bitten by a Miranda specific bug. Feel free to > install Gaim for windows and proof me wrong (at letoams@jabber.xs4all.nl) > > Paul > _______________________________________________ > OTR-dev mailing list > OTR-dev@lists.cypherpunks.ca > http://lists.cypherpunks.ca/mailman/listinfo/otr-dev > > From paul@cypherpunks.ca Sat May 26 22:07:36 2007 From: paul@cypherpunks.ca (Paul Wouters) Date: Sat, 26 May 2007 17:07:36 -0400 (EDT) Subject: [OTR-dev] session termination In-Reply-To: <46578A6F.1010708@gmx.net> References: <4656B312.4060604@gmx.net> <46571439.6050309@gmx.net> <46578A6F.1010708@gmx.net> Message-ID: On Sat, 26 May 2007, Tim wrote: > ok, I installed Pidgin and OTR for Windows and added you - let's see if > it works. I'm at home later for testing. > What will happen when you send me messages I can't decrypt and then you > go offline? - no chance for a resent then. That's a pretty uncommon race condition, since the OTR resend actually happens instantly. The only case in which this is a problem is when both users keep sending a single message to the other user who is offline. In any other case, the new OTR request plus the resend works fine. I am not sure how you propose to "patch" this, without storing plaintext messages on other servers, which is just not acceptable from a security point of view. Any "fallback to plaintext" can be abused by an attacker to disable OTR. Paul From timg10@gmx.net Tue May 29 12:00:56 2007 From: timg10@gmx.net (Tim) Date: Tue, 29 May 2007 13:00:56 +0200 Subject: [OTR-dev] session termination In-Reply-To: References: <4656B312.4060604@gmx.net> <46571439.6050309@gmx.net> <46578A6F.1010708@gmx.net> Message-ID: <465C07E8.90608@gmx.net> Paul Wouters schrieb: > That's a pretty uncommon race condition, since the OTR resend actually happens > instantly. The only case in which this is a problem is when both users keep > sending a single message to the other user who is offline. In any other case, > the new OTR request plus the resend works fine. > > I am not sure how you propose to "patch" this, without storing plaintext > messages on other servers, which is just not acceptable from a security > point of view. Any "fallback to plaintext" can be abused by an attacker > to disable OTR. > > Paul > _______________________________________________ > OTR-dev mailing list > OTR-dev@lists.cypherpunks.ca > http://lists.cypherpunks.ca/mailman/listinfo/otr-dev > Do I understand this correctly? If I go offline, your Gaim OTR will wait with the resend, until I go back online? What will happen to the message when I remain offline for, say, a week? This might well happen when my internet connection fails.You certainly will go offline in between. If you stay online: What will happen if I change the client? For example if I'm chatting at my home PC, which has OTR installed, and then my connection gets interrupted. Later I go back online with another client on another PC (for example with ICQ2go at work), which doesn't have OTR capabilities. Then your Gaim will send me the message encrypted and I can't read it. About the "fallback to plaintext" security problem: You get a message when the session stopped and further messages will be sent in plaintext, don't you? So you know that you shouldn't send any sensitive information anymore. Tim From paul@cypherpunks.ca Tue May 29 14:08:16 2007 From: paul@cypherpunks.ca (Paul Wouters) Date: Tue, 29 May 2007 09:08:16 -0400 (EDT) Subject: [OTR-dev] session termination In-Reply-To: <465C07E8.90608@gmx.net> References: <4656B312.4060604@gmx.net> <46571439.6050309@gmx.net> <46578A6F.1010708@gmx.net> <465C07E8.90608@gmx.net> Message-ID: On Tue, 29 May 2007, Tim wrote: > Do I understand this correctly? If I go offline, your Gaim OTR will wait > with the resend, until I go back online? the message will be "sent" according to gaim, but stored on he IM server. once you come back and obtain the unreadable message, gaim will renegotiate and resend. > What will happen to the message > when I remain offline for, say, a week? This might well happen when my > internet connection fails.You certainly will go offline in between. I believe as long as gaim is running, and the otr sessions has not been closed , it can resend the last message (or last few). > If you stay online: What will happen if I change the client? For example > if I'm chatting at my home PC, which has OTR installed, and then my > connection gets interrupted. Later I go back online with another client > on another PC (for example with ICQ2go at work), which doesn't have OTR > capabilities. Then your Gaim will send me the message encrypted and I > can't read it. There will always be ways to shoot yourself in the foot. There are many more scenarios I can come up where you might lose a message. However in practise, this never happens to me. I don't use "web clients" (which per definition, need to obtain your plaintext message, so you can never use OTR with then), and I don't use IM clients that do not support OTR. > About the "fallback to plaintext" security problem: You get a message > when the session stopped and further messages will be sent in plaintext, > don't you? So you know that you shouldn't send any sensitive information > anymore. Now picture I am Alice, and I'm blocking all your encrypted IM's, but not your plaintext ones. How religious are you with "not sending sensitive information"? OTR already supports not leaking plaintext messages in its current mechanisms. I am not sure what kind of "patch" you were suggesting to make to otr. You tell me? Paul From mail@scottellis.com.au Tue May 29 14:13:55 2007 From: mail@scottellis.com.au (Scott Ellis) Date: Tue, 29 May 2007 23:13:55 +1000 Subject: [OTR-dev] session termination In-Reply-To: References: <4656B312.4060604@gmx.net> <46571439.6050309@gmx.net> Message-ID: <96e269140705290613i2c6f433ak793bb6662354c2f@mail.gmail.com> ------=_Part_120428_13086123.1180444435669 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline yeah i think gaim can go offline/online fine, and the resend works for that....but i don't think that happens if you actually exit gaim - that causes loss of session keys and makes the sent message unreadable because i can't find a reliable way of sending a message before a protocol goes offline (and btw i don't think that's 100% doable even for gaim - e.g. OS shutdown) - and i don't really want to anyway as i explained previously - i have used a 'broader interpretation' of the spec to include a user going offline as an indication that the session is over and therefore a reason to move into the 'finished' state. the only real problem with this as i think Ian mentioned is that an attacker who can mess with your online status can stop the session - which i think is a small price to pay to avoid usability issues which are significant to some people using two gaim instances is no guarantee it's a miranda bug - two miranda instances work fine together too. it's a matter of interpretation of the specification...there are a number of problems i outlined in previous mails with gaim's interpretation, and imo less problems with miranda's On 5/26/07, Paul Wouters wrote: > > On Fri, 25 May 2007, Tim wrote: > > > I assume the same thing will happen if both communication partners use > > Gaim. If communication partner now looses his internet connection and > > then exits Gaim, he will lose the session keys as well and thus his > > offline messages. > > > > In my opinion a message transport protocol should above all be reliable. > > The bug I described makes instant messaging with OTR unreliable, because > > one can't be certain all the messages sent can be read. > > It is still reliable, in that when the user comes online, OTR kickstarts > and (assuming the queue didnt fill up) will detect unreadable messages, > and will perform a resend. I know this works fine for me. If you send me > a message when offline, when I come online, gaim-otr detects an unreadable > message re-initiates otr. The gaim on the other end will then resend the > message. > > So, I think you are being bitten by a Miranda specific bug. Feel free to > install Gaim for windows and proof me wrong (at letoams@jabber.xs4all.nl) > > Paul > _______________________________________________ > OTR-dev mailing list > OTR-dev@lists.cypherpunks.ca > http://lists.cypherpunks.ca/mailman/listinfo/otr-dev > ------=_Part_120428_13086123.1180444435669 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit Content-Disposition: inline yeah i think gaim can go offline/online fine, and the resend  works for that....but i don't think that happens if you actually exit gaim - that causes loss of session keys and makes the sent message unreadable

because i can't find a reliable way of sending a message before a protocol goes offline (and btw i don't think that's 100% doable even for gaim - e.g. OS shutdown) - and i don't really want to anyway as i explained previously - i have used a 'broader interpretation' of the spec to include a user going offline as an indication that the session is over and therefore a reason to move into the 'finished' state. the only real problem with this as i think Ian mentioned is that an attacker who can mess with your online status can stop the session - which i think is a small price to pay to avoid usability issues which are significant to some people

using two gaim instances is no guarantee it's a miranda bug - two miranda instances work fine together too. it's a matter of interpretation of the specification...there are a number of problems i outlined in previous mails with gaim's interpretation, and imo less problems with miranda's


On 5/26/07, Paul Wouters <paul@cypherpunks.ca > wrote:
On Fri, 25 May 2007, Tim wrote:

> I assume the same thing will happen if both communication partners use
> Gaim. If communication partner now looses his internet connection and
> then exits Gaim, he will lose the session keys as well and thus his
> offline messages.
>
> In my opinion a message transport protocol should above all be reliable.
> The bug I described makes instant messaging with OTR unreliable, because
> one can't be certain all the messages sent can be read.

It is still reliable, in that when the user comes online, OTR kickstarts
and (assuming the queue didnt fill up) will detect unreadable messages,
and will perform a resend. I know this works fine for me. If you send me
a message when offline, when I come online, gaim-otr detects an unreadable
message re-initiates otr. The gaim on the other end will then resend the
message.

So, I think you are being bitten by a Miranda specific bug. Feel free to
install Gaim for windows and proof me wrong (at letoams@jabber.xs4all.nl)

Paul
_______________________________________________
OTR-dev mailing list
OTR-dev@lists.cypherpunks.ca
http://lists.cypherpunks.ca/mailman/listinfo/otr-dev

------=_Part_120428_13086123.1180444435669-- From timg10@gmx.net Tue May 29 14:49:06 2007 From: timg10@gmx.net (Tim) Date: Tue, 29 May 2007 15:49:06 +0200 Subject: [OTR-dev] session termination In-Reply-To: References: <4656B312.4060604@gmx.net> <46571439.6050309@gmx.net> <46578A6F.1010708@gmx.net> <465C07E8.90608@gmx.net> Message-ID: <465C2F52.7070300@gmx.net> > > I am not sure what kind of "patch" you were suggesting to make to otr. You tell > me? > The patch I suggest is to make the Gaim plugin behave like Scott's Miranda plugin: Scenario: - Alice is chatting with Bob, OTR encrypted. - Bob goes offline, but doesn't send the "OTR session termination"-message. (He's using Miranda or his Gaim plugin didn't manage to send the message for one of the reasons mentioned before). Old behaviour: - Alice continues sending encrypted messages, which Bob can't read afterwards. (She doesn't notice that!) New behaviour: - Alice's Gaim plugin terminates the OTR session on its own, though it didn't receive the termination-message from Bob. (It notifies Alice that the encrypted session has ended, so she doesn't send any sensitive information any more.) If you really don't like this new behaviour, I suggest at least: New behaviour B: - Alice's OTR plugin displays her a warning: "Your communication partner went offline and will likely be unable to read any further OTR-encrypted messages. To terminate the OTR session right-click the OTR button and select "end session"". Tim From paul@cypherpunks.ca Tue May 29 16:03:42 2007 From: paul@cypherpunks.ca (Paul Wouters) Date: Tue, 29 May 2007 11:03:42 -0400 (EDT) Subject: [OTR-dev] session termination In-Reply-To: <96e269140705290613i2c6f433ak793bb6662354c2f@mail.gmail.com> References: <4656B312.4060604@gmx.net> <46571439.6050309@gmx.net> <96e269140705290613i2c6f433ak793bb6662354c2f@mail.gmail.com> Message-ID: On Tue, 29 May 2007, Scott Ellis wrote: > using two gaim instances is no guarantee it's a miranda bug - two miranda > instances work fine together too. it's a matter of interpretation of the > specification...there are a number of problems i outlined in previous mails > with gaim's interpretation, and imo less problems with miranda's Ok, here is the log of gaim talking to mirande and one user going offline: (10:51:23 AM) letoams@xs: ok, let's try it (10:51:31 AM) eisbaer@jabber.ccc.de: ok, I'll exit Miranda (10:51:42 AM) eisbaer@jabber.ccc.de: send me a few messages then [ user goes offline ] (10:51:51 AM) letoams@xs: oki (10:51:56 AM) letoams@xs: message 2 (10:51:58 AM) letoams@xs: message 3 (10:52:01 AM) letoams@xs: message 4 [ user comes online ] (10:53:23 AM) The following message received from eisbaer@jabber.ccc.de was not encrypted: [ok] (10:53:32 AM) The following message received from eisbaer@jabber.ccc.de was not encrypted: [I received the follwing:] (10:53:46 AM) The following message received from eisbaer@jabber.ccc.de was not encrypted: [16:53:11 Paul Wouters: [OTR Message] The encrypted message received from Paul Wouters is unreadable, as you are not currently communicating privately. 16:53:11 Paul Wouters: [OTR Message] The encrypted message received from Paul Wouters is unreadable, as you are not currently communicating privately. 16:53:11 Paul Wouters: [OTR Message] The encrypted message received from Paul Wouters is unreadable, as you are not currently communicating privately. 16:53:11 Paul Wouters: [OTR Message] The encrypted message received from Paul Wouters is unreadable, as you are not currently communicating privately. ] (10:53:51 AM) letoams@xs: correct (10:53:53 AM) OTR Error: You sent encrypted data to OTR, who wasn't expecting it. (10:54:00 AM) Attempting to refresh the private conversation with eisbaer@jabber.ccc.de/Miranda... (10:54:01 AM) Successfully refreshed the unverified conversation with eisbaer@jabber.ccc.de/Miranda. (10:54:01 AM) The last message to eisbaer@jabber.ccc.de was resent. (10:54:03 AM) OTR Error: You sent encrypted data to OTR, who wasn't expecting it. [ This is the part I don't understand : we refreshed, so why isnt Mirande understanding this message? ] (10:54:08 AM) Successfully refreshed the unverified conversation with eisbaer@jabber.ccc.de/Miranda. (10:54:08 AM) The last message to eisbaer@jabber.ccc.de was resent. (10:54:10 AM) OTR Error: You sent encrypted data to OTR, who wasn't expecting it. (10:54:33 AM) The last message to eisbaer@jabber.ccc.de was resent. (10:54:37 AM) Private conversation with eisbaer@jabber.ccc.de/Miranda lost. [ Here I "end private communication" ] (10:54:39 AM) Attempting to start a private conversation with eisbaer@jabber.ccc.de/Miranda... (10:54:48 AM) letoams@xs: ok that's a miranda bug AFAIK (10:54:49 AM) Unverified conversation with eisbaer@jabber.ccc.de/Miranda started. (10:54:51 AM) Successfully refreshed the unverified conversation with eisbaer@jabber.ccc.de/Miranda. (10:54:56 AM) eisbaer@jabber.ccc.de: I even got some more error messages after going back online (10:55:11 AM) letoams@xs: with gaim-otr this works fine [ and only now does it work privately again ] The same user with gaim to my gaim: (10:58:44 AM) letoams@xs: ok let's do it with gaim too (10:59:21 AM) The following message received from eisbaer@jabber.ccc.de was not encrypted: [so] (10:59:35 AM) The following message received from eisbaer@jabber.ccc.de was not encrypted: [btw: I was too lazy to copy the keys from Miranda] (10:59:41 AM) letoams@xs: testing 1 2 3 (10:59:41 AM) OTR Error: You sent encrypted data to Eisbaer@jabber.ccc.de/Gaim, who wasn't expecting it. (10:59:52 AM) Unverified conversation with eisbaer@jabber.ccc.de/Gaim started. (10:59:52 AM) The last message to eisbaer@jabber.ccc.de was resent. (10:59:52 AM) The following message received from eisbaer@jabber.ccc.de was not encrypted: [so I'll have a new Key ID] (11:00:00 AM) letoams@xs: testing 4 5 6 (11:00:08 AM) eisbaer@jabber.ccc.de: now it's ok With a longer offline period, we got: (11:02:08 AM) eisbaer@jabber.ccc.de: I'll exit Pidgin, you go on sending me messages, ok? (11:02:28 AM) eisbaer@jabber.ccc.de: send 10 messages or so, just to be sure ;) (11:02:33 AM) letoams@xs: ok (11:02:40 AM) letoams@xs: I'll keep typing :) (11:02:46 AM) letoams@xs: and more (11:02:50 AM) letoams@xs: and more (11:02:55 AM) letoams@xs: I do notice now you are offline btw (11:04:16 AM) OTR Error: You sent encrypted data to Eisbaer@jabber.ccc.de/Gaim, who wasn't expecting it. (11:04:16 AM) OTR Error: You sent encrypted data to Eisbaer@jabber.ccc.de/Gaim, who wasn't expecting it. (11:04:16 AM) OTR Error: You sent encrypted data to Eisbaer@jabber.ccc.de/Gaim, who wasn't expecting it. (11:04:20 AM) OTR Error: You sent encrypted data to Eisbaer@jabber.ccc.de/Gaim, who wasn't expecting it. (11:04:38 AM) Successfully refreshed the unverified conversation with eisbaer@jabber.ccc.de/Gaim. (11:04:50 AM) The following message received from eisbaer@jabber.ccc.de was not encrypted: [hmm, these messages are unreadable as well] (11:04:53 AM) letoams@xs: hmm no resends now? (11:04:59 AM) eisbaer@jabber.ccc.de: not yet (11:05:16 AM) letoams@xs: is this miranda? (11:05:19 AM) eisbaer@jabber.ccc.de: (17:01:41) Paul Wouters: The encrypted message received from letoams@jabber.xs4all.nl is unreadable, as you are not currently communicating privately. (17:04:06) The encrypted message received from letoams@jabber.xs4all.nl is unreadable, as you are not currently communicating privately. (17:04:06) The encrypted message received from letoams@jabber.xs4all.nl is unreadable, as you are not currently communicating privately. (17:04:07) The encrypted message received from letoams@jabber.xs4all.nl is unreadable, as you are not currently communicating privately. (17:04:34) Tim: hmm, these messages are unreadable as well (11:05:28 AM) eisbaer@jabber.ccc.de: no, it's Pidgin 2.0 (11:05:36 AM) eisbaer@jabber.ccc.de: (formerly known as Gaim ;) ) (11:06:02 AM) eisbaer@jabber.ccc.de: I didn't close the message window (11:06:15 AM) letoams@xs: hmm (11:06:23 AM) letoams@xs: I guess needs needs more test cases :) Here we don't see any "resends". I am not sure why. Paul From paul@cypherpunks.ca Tue May 29 16:09:22 2007 From: paul@cypherpunks.ca (Paul Wouters) Date: Tue, 29 May 2007 11:09:22 -0400 (EDT) Subject: [OTR-dev] session termination In-Reply-To: <465C2F52.7070300@gmx.net> References: <4656B312.4060604@gmx.net> <46571439.6050309@gmx.net> <46578A6F.1010708@gmx.net> <465C07E8.90608@gmx.net> <465C2F52.7070300@gmx.net> Message-ID: On Tue, 29 May 2007, Tim wrote: > New behaviour: > - Alice's Gaim plugin terminates the OTR session on its own, though it > didn't receive the termination-message from Bob. (It notifies Alice that > the encrypted session has ended, so she doesn't send any sensitive > information any more.) Going offline and online doesnt mean you cannot read those messages anymore. Only when you change your client when logging in from home to work or restart your IM client, will that happen. Two clients in OTR should be able to send and receive messages despite going online and offline. > If you really don't like this new behaviour, I suggest at least: > New behaviour B: > - Alice's OTR plugin displays her a warning: "Your communication partner > went offline and will likely be unable to read any further OTR-encrypted > messages. To terminate the OTR session right-click the OTR button and > select "end session"". But that is simply not true. Most network outages that don't involve any of the two partners to change/restart their IM client will keep working fine. Paul From timg10@gmx.net Tue May 29 17:29:19 2007 From: timg10@gmx.net (Tim) Date: Tue, 29 May 2007 18:29:19 +0200 Subject: [OTR-dev] session termination In-Reply-To: References: <4656B312.4060604@gmx.net> <46571439.6050309@gmx.net> <46578A6F.1010708@gmx.net> <465C07E8.90608@gmx.net> <465C2F52.7070300@gmx.net> Message-ID: <465C54DF.3080901@gmx.net> Paul Wouters schrieb: > On Tue, 29 May 2007, Tim wrote: > > >> New behaviour: >> - Alice's Gaim plugin terminates the OTR session on its own, though it >> didn't receive the termination-message from Bob. (It notifies Alice that >> the encrypted session has ended, so she doesn't send any sensitive >> information any more.) >> > > Going offline and online doesnt mean you cannot read those messages anymore. > Only when you change your client when logging in from home to work or > restart your IM client, will that happen. Two clients in OTR should be > able to send and receive messages despite going online and offline. > > >> If you really don't like this new behaviour, I suggest at least: >> New behaviour B: >> - Alice's OTR plugin displays her a warning: "Your communication partner >> went offline and will likely be unable to read any further OTR-encrypted >> messages. To terminate the OTR session right-click the OTR button and >> select "end session"". >> > > But that is simply not true. Most network outages that don't involve any of > the two partners to change/restart their IM client will keep working fine. > > Paul > _______________________________________________ > OTR-dev mailing list > OTR-dev@lists.cypherpunks.ca > http://lists.cypherpunks.ca/mailman/listinfo/otr-dev > > Exiting the client is what I mean with "going offline". I'm certain, that most people exit their client instead of going offline and letting the client running. Why should they? So most people will lose their session key when they "go offline". From mail@scottellis.com.au Wed May 30 01:16:59 2007 From: mail@scottellis.com.au (Scott Ellis) Date: Wed, 30 May 2007 10:16:59 +1000 Subject: [OTR-dev] session termination In-Reply-To: <465C54DF.3080901@gmx.net> References: <4656B312.4060604@gmx.net> <46571439.6050309@gmx.net> <46578A6F.1010708@gmx.net> <465C07E8.90608@gmx.net> <465C2F52.7070300@gmx.net> <465C54DF.3080901@gmx.net> Message-ID: <96e269140705291716w4d517b95vd015455d8a585323@mail.gmail.com> ------=_Part_126861_17952175.1180484219352 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline i think the part you don't understand may be just timing - see below >> If you really don't like this new behaviour, I suggest at least: >> New behaviour B: >> - Alice's OTR plugin displays her a warning: "Your communication partner >> went offline and will likely be unable to read any further OTR-encrypted >> messages. To terminate the OTR session right-click the OTR button and >> select "end session"". >> > > But that is simply not true. Most network outages that don't involve any of > the two partners to change/restart their IM client will keep working fine. i don't' think the problems users are having are caused by network outages. much more often they are caused by sending offline messages to people who really have exited their IM client - it seems to be the 'long time offline' issue you discovered above from libotr: /* How old are messages allowed to be in order to be candidates for * resending in response to a rekey? */ #define RESEND_INTERVAL 60 assuming that's seconds, the resend method is pretty useless in overcoming the majority of cases where users go offline - e.g. twice a day i'm offline when moving my laptop from work to home and visa versa what about adding an option in gaim to terminate sessions when contacts go offline? ------=_Part_126861_17952175.1180484219352 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit Content-Disposition: inline i think the part you don't understand may be just timing - see below

>> If you really don't like this new behaviour, I suggest at least:
>> New behaviour B:
>> - Alice's OTR plugin displays her a warning: "Your communication partner
>> went offline and will likely be unable to read any further OTR-encrypted
>> messages. To terminate the OTR session right-click the OTR button and
>> select "end session"".
>>
>
> But that is simply not true. Most network outages that don't involve any of
> the two partners to change/restart their IM client will keep working fine.

i don't' think the problems users are having are caused by network outages. much more often they are caused by sending offline messages to people who really have exited their IM client - it seems to be the 'long time offline' issue you discovered above

from libotr:
/* How old are messages allowed to be in order to be candidates for
 * resending in response to a rekey? */
#define RESEND_INTERVAL 60

assuming that's seconds, the resend method is pretty useless in overcoming the majority of cases where users go offline - e.g. twice a day i'm offline when moving my laptop from work to home and visa versa

what about adding an option in gaim to terminate sessions when contacts go offline?
------=_Part_126861_17952175.1180484219352-- From paul@cypherpunks.ca Wed May 30 06:20:44 2007 From: paul@cypherpunks.ca (Paul Wouters) Date: Wed, 30 May 2007 01:20:44 -0400 (EDT) Subject: [OTR-dev] session termination In-Reply-To: <465C54DF.3080901@gmx.net> References: <4656B312.4060604@gmx.net> <46571439.6050309@gmx.net> <46578A6F.1010708@gmx.net> <465C07E8.90608@gmx.net> <465C2F52.7070300@gmx.net> <465C54DF.3080901@gmx.net> Message-ID: On Tue, 29 May 2007, Tim wrote: > Exiting the client is what I mean with "going offline". I'm certain, > that most people exit their client instead of going offline and letting > the client running. Why should they? They just close the lid of their laptop. Why would they need to close the application? Or they leave their desktop all the time. Do people really turn on their computer 3 times a day? Paul From timg10@gmx.net Wed May 30 10:14:44 2007 From: timg10@gmx.net (Tim) Date: Wed, 30 May 2007 11:14:44 +0200 Subject: [OTR-dev] session termination In-Reply-To: References: <4656B312.4060604@gmx.net> <46571439.6050309@gmx.net> <46578A6F.1010708@gmx.net> <465C07E8.90608@gmx.net> <465C2F52.7070300@gmx.net> <465C54DF.3080901@gmx.net> Message-ID: <465D4084.10409@gmx.net> Paul Wouters schrieb: > On Tue, 29 May 2007, Tim wrote: > > >> Exiting the client is what I mean with "going offline". I'm certain, >> that most people exit their client instead of going offline and letting >> the client running. Why should they? >> > > They just close the lid of their laptop. Why would they need to close > the application? > > Or they leave their desktop all the time. > > Do people really turn on their computer 3 times a day? > > Paul > _______________________________________________ > OTR-dev mailing list > OTR-dev@lists.cypherpunks.ca > http://lists.cypherpunks.ca/mailman/listinfo/otr-dev > > Yes they do. Even more often than 3 times a day. If I'm not using my PC, I always turn it off. Leaving it on all the time is a waste of energy and it makes annoying sounds. There is only one person I know who leaves his PC on all the time. You just gave another example of Gaim being unable to send a "session termination" -message: If you do close your laptop's lid, it sends your laptop to standby or hibernation mode. Gaim won't notice that early enough to terminate the session. And you usually won't reopen your laptop within 60 seconds or whatever Gaim's limit for resending messages is. Besides that: Even if I left my PC on all day, I wouldn't want to have my Instant Messager running all the time - too distracting. If I'm not using a program, I exit it. Why would I let it use up ressources for nothing? Do you leave your office program running when you just had to type a small letter in the morning and then don't need it any more? Tim From jelwell@singleclick.com Wed May 30 19:43:19 2007 From: jelwell@singleclick.com (Joseph Elwell) Date: Wed, 30 May 2007 11:43:19 -0700 Subject: [OTR-dev] session termination In-Reply-To: <465D4084.10409@gmx.net> References: <4656B312.4060604@gmx.net> <46571439.6050309@gmx.net> <46578A6F.1010708@gmx.net> <465C07E8.90608@gmx.net> <465C2F52.7070300@gmx.net> <465C54DF.3080901@gmx.net> <465D4084.10409@gmx.net> Message-ID: <48C81888-D241-46C0-BB9A-B495D90FF33F@singleclick.com> > > You just gave another example of Gaim being unable to send a "session > termination" -message: If you do close your laptop's lid, it sends > your > laptop to standby or hibernation mode. Gaim won't notice that early > enough to terminate the session. And you usually won't reopen your > laptop within 60 seconds or whatever Gaim's limit for resending > messages is. > > Tim > I close my laptop 2 to 3 times a day. Once in the morning when I leave for work. Once in the afternoon when I leave for home. And, sometimes, a third time when head to a friend's house or close it for the night. However, I use OTR Proxy on Mac OS X (so no gaim). Most of the time I reopen my laptop and I need to restart OTR Proxy (although this doesn't always work either). Often times 5 or 6 restarts won't get OTR Proxy to work. It's as if the Mac has the port stuck and won't let OTR Proxy have access to the port. Joseph Elwell. From paul@cypherpunks.ca Thu May 31 00:11:45 2007 From: paul@cypherpunks.ca (Paul Wouters) Date: Wed, 30 May 2007 19:11:45 -0400 (EDT) Subject: [OTR-dev] session termination In-Reply-To: <465D4084.10409@gmx.net> References: <4656B312.4060604@gmx.net> <46571439.6050309@gmx.net> <46578A6F.1010708@gmx.net> <465C07E8.90608@gmx.net> <465C2F52.7070300@gmx.net> <465C54DF.3080901@gmx.net> <465D4084.10409@gmx.net> Message-ID: On Wed, 30 May 2007, Tim wrote: > You just gave another example of Gaim being unable to send a "session > termination" -message: If you do close your laptop's lid, it sends your > laptop to standby or hibernation mode. Gaim won't notice that early > enough to terminate the session. And you usually won't reopen your > laptop within 60 seconds or whatever Gaim's limit for resending messages is. Actually, the OS should signal the application just before going to hibernation. I am not sure if Linux does this properly, but I think Adium on OSX properly handles this. (Note it takes a few seconds after you closed the lid on OSX before the LED goes flashing - that's your machine doing stuff related to preparing to hibernate). > Besides that: Even if I left my PC on all day, I wouldn't want to have > my Instant Messager running all the time - too distracting. If I'm not > using a program, I exit it. Why would I let it use up ressources for > nothing? Do you leave your office program running when you just had to > type a small letter in the morning and then don't need it any more? Yes I do :) Paul -- Building and integrating Virtual Private Networks with Openswan: http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155 From evan.s@dreskin.net Thu May 31 01:18:15 2007 From: evan.s@dreskin.net (Evan Schoenberg) Date: Wed, 30 May 2007 20:18:15 -0400 Subject: [OTR-dev] session termination In-Reply-To: References: <4656B312.4060604@gmx.net> <46571439.6050309@gmx.net> <46578A6F.1010708@gmx.net> <465C07E8.90608@gmx.net> <465C2F52.7070300@gmx.net> <465C54DF.3080901@gmx.net> <465D4084.10409@gmx.net> Message-ID: <748932C0-3A1B-4A61-ADD4-F69A090885F0@dreskin.net> This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --Apple-Mail-18-400032831 Content-Type: multipart/alternative; boundary=Apple-Mail-17-400032712 --Apple-Mail-17-400032712 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed On May 30, 2007, at 7:11 PM, Paul Wouters wrote: > Actually, the OS should signal the application just before going to > hibernation. I am not sure if Linux does this properly, but I think > Adium on OSX properly handles this The Adium bit is partially true. Adium receives a "will sleep" notification, responds with "wait until I say so", disconnects all accounts, then says "okay, proceed with sleep". When Adium was using gaim-otr, from Adium 0.80 through Adium 1.0, this led to proper behavior, as the signed-on and signed-off signals are used by gaim-otr as described. I nearly replied, "Yes, Adium does this properly," but a nagging feeling made me check the Adium 1.0 + code... and when I ported gaim-otr to being an Objective-C Adium component for 1.0, that bit didn't get carried over. I've put it on my to-do list for Adium... I'm glad that came up in discussion :) -Evan --Apple-Mail-17-400032712 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=ISO-8859-1
On May 30, 2007, = at 7:11 PM, Paul Wouters wrote:

Actually, the OS should = signal the application just before going to

hibernation. I am not sure if Linux = does this properly, but I think

Adium on OSX properly handles this

=

The Adium bit is partially true.=A0 =A0Adium = receives a "will sleep" notification, responds with "wait until I say = so", disconnects all accounts, then says "okay, proceed with = sleep".=A0=A0

When Adium was using = gaim-otr, from Adium 0.80 through Adium 1.0, this led to proper = behavior, as the signed-on and signed-off signals are used by gaim-otr = as described.=A0 I nearly replied, "Yes, Adium does this properly," but = a nagging feeling made me check the Adium 1.0+ code... and when I ported = gaim-otr to being an Objective-C Adium component for 1.0, that bit = didn't get carried over.=A0 I've put it on my to-do list for Adium... = I'm glad that came up in discussion :)

-Evan

= --Apple-Mail-17-400032712-- --Apple-Mail-18-400032831 content-type: application/pgp-signature; x-mac-type=70674453; name=PGP.sig content-description: This is a digitally signed message part content-disposition: inline; filename=PGP.sig content-transfer-encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (Darwin) iD8DBQFGXhRII5gp6xQhrvcRAlWfAKClAgN5JE7chimCSWs35xsGZMd2wgCfTTPi pkGkW0IZVXbByW91L/l7msU= =YKGh -----END PGP SIGNATURE----- --Apple-Mail-18-400032831-- From marti@juffo.org Thu May 31 06:37:32 2007 From: marti@juffo.org (Marti Raudsepp) Date: Thu, 31 May 2007 08:37:32 +0300 Subject: [OTR-dev] session termination In-Reply-To: <48C81888-D241-46C0-BB9A-B495D90FF33F@singleclick.com> References: <4656B312.4060604@gmx.net> <465C07E8.90608@gmx.net> <465C2F52.7070300@gmx.net> <465C54DF.3080901@gmx.net> <465D4084.10409@gmx.net> <48C81888-D241-46C0-BB9A-B495D90FF33F@singleclick.com> Message-ID: <2a12af650705302237u2151fae8jfe148ae0721ac957@mail.gmail.com> On 5/30/07, Joseph Elwell wrote: > It's as if the Mac has the port stuck and won't > let OTR Proxy have access to the port. I haven't followed the rest of this discussion, but this problem seems similar to what happens on Linux -- connections will remain in TIME_WAIT state for some time after they have been disconnected, and this prevents programs from binding to any of the ports used by the connection. There's a cure for it -- SO_REUSEADDR. If you can be bothered, you might want to try if setting it before binding the socket. Marti From donny.viszneki@gmail.com Thu May 31 21:38:15 2007 From: donny.viszneki@gmail.com (Donny Viszneki) Date: Thu, 31 May 2007 16:38:15 -0400 Subject: [OTR-dev] session termination In-Reply-To: <2a12af650705302237u2151fae8jfe148ae0721ac957@mail.gmail.com> References: <4656B312.4060604@gmx.net> <465C07E8.90608@gmx.net> <465C2F52.7070300@gmx.net> <465C54DF.3080901@gmx.net> <465D4084.10409@gmx.net> <48C81888-D241-46C0-BB9A-B495D90FF33F@singleclick.com> <2a12af650705302237u2151fae8jfe148ae0721ac957@mail.gmail.com> Message-ID: <44acbb800705311338u23c36496la2a3a43f4de06909@mail.gmail.com> TWICE I thought I had sent this to the list, and twice I had only sent it to individual posters on the mailing list ("reply ot all" was the default reply behavior on my previous mail client.) > Currently the miranda plugin is using the alternative method and does not > send an OTR termination message when going offline (which is the source of > the bug). I wouldn't necessarily describe this as a "bug," nor would I describe the miranda plugin as the source of it. I would describe this as an acceptable, even preferable, design limitation of OTR. The real "source" of the problem is -- it seems to me -- latency and/or unavailability of the networking substrate underlying the channel over which both encrypted discussion, and negotiation of discussion sessions take place. In the case of OTR, this is usually an instant messaging service, but it's worth noting that in actuality it could be any medium over which arbitrary text can be exchanged between users. Consider this: What if a Miranda user is suddenly disconnected from their instant messaging service or the internet? What if your client or computer crashes? What happens to encrypted messages that are sent to you? Case 1: If the IM service doesn't wait for any sort of message receipt, those messages disappear into the ether (this is the case on AOL/AIM, and IRC.) Case 2: The IM service does expect a message receipt, and eventually returns an error to the sender of the message, telling them that their message didn't make it. Case 3: The IM service both waits for message receipt, AND queues its users' messages for them so that they can receive messages sent in their absence once they reconnect. (This is the case on many Jabber servers. GTalk once was case 1, now it too is case 3. And ICQ was once case 3, but I don't know what they do since AOL got them.) The common occurance of this "error" is caused by a Case 3 service, in this type of service there exists a unique potential for extreme latency on the networking substrate. It happens because you end up with an asymmetrical OTR state between two individuals; that is, one user believes there is still an OTR session, and the other user does not. I get these "Unreadable message" errors about a couple times a week using Jabber, and I accept it because I _understand_ three things: One, that on a Case 1 IM service the unreadable OTR messages will simply disappear into the ether. Two, that OTR is itself a sort of point-to-point IM service tunneled through another IM service. Three, that this message ought to have disappeared into the ether, because OTR is -- for good reason -- not a Case 3 service. So what seems like an error message is actually just extra information: on most Case 1 services you simply would never have known that a message was sent to you that never got there because you weren't connected at the time. But because OTR is privy to the fact that there WAS a message that was lost, it tells you so. And most people don't understand that it's not an error, it's just extra information. I believe that making OTR a case 2 service is not out of the question. Perhaps OTR should be able to report to the user whether or not their messages are actually being received. This simply means waiting for an ACK after each message is sent. Some questions that may be relevant that I don't know the answer to: Can OTR messages during an encrypted session be received out of order? Will the messages be readable? Will OTR notice that they are out of order? I think a case 3 situation for OTR would be very inadvisable. To have OTR cache outgoing private messages so that it can re-deliver them in a possible future session in case they accidentally lost the current one seems to me to be a dangerous idea, counterproductive to the goal of privacy. In short, yes it is nice when OTR reacts when I disconnect from my IM services by telling my friends to end their OTR sessions. But because of complications that have already been mentioned on this mailing list (you don't receive "buddy-online" notifications for everyone you might want to use OTR with,) it really only helps avoid a very small number of "unreadable message" "errors." Best Solution, IMHO: Include an explanatory hyperlink, a la: (05:03:16 PM) Unverified conversation with someuser started. On 5/31/07, Marti Raudsepp wrote: > On 5/30/07, Joseph Elwell wrote: > > It's as if the Mac has the port stuck and won't > > let OTR Proxy have access to the port. > > I haven't followed the rest of this discussion, but this problem seems > similar to what happens on Linux -- connections will remain in > TIME_WAIT state for some time after they have been disconnected, and > this prevents programs from binding to any of the ports used by the > connection. There's a cure for it -- SO_REUSEADDR. > > If you can be bothered, you might want to try if setting it before > binding the socket. > > Marti > _______________________________________________ > OTR-dev mailing list > OTR-dev@lists.cypherpunks.ca > http://lists.cypherpunks.ca/mailman/listinfo/otr-dev >