[OTR-dev] session termination

Paul Wouters paul at cypherpunks.ca
Sat May 26 17:07:36 EDT 2007


On Sat, 26 May 2007, Tim wrote:

> ok, I installed Pidgin and OTR for Windows and added you - let's see if
> it works.

I'm at home later for testing.

> What will happen when you send me messages I can't decrypt and then you
> go offline? - no chance for a resend then.

That's a pretty uncommon race condition, since the OTR resend actually happens
instantly. The only case in which this is a problem is when both users keep
sending a single message to the other user who is offline. In any other case,
the new OTR request plus the resend works fine.

I am not sure how you propose to "patch" this, without storing plaintext
messages on other servers, which is just not acceptable from a security
point of view. Any "fallback to plaintext" can be abused by an attacker
to disable OTR.

Paul


