[OTR-dev] mpOTR: shutdown()

Arturo Filastò art at torproject.org
Wed Jul 18 17:35:34 EDT 2012


On 7/18/12 10:57 PM, Abel Luck wrote:
> Yes, unfortunately, that is unavoidable. Since shutdown() is so
> important, the client should definitely prioritize the shutdown.
>
> What sort of timeout do we want to use? This might depend on how the group
> decides to initiate shutdown (see next).

I propose that is something to be negotiated during the initialization
phase. The protocol provides support for other parameters to be agreed
upon by the chat members.

I think something like a 10 second timeout seems reasonable. I would not
set a default to anything below 5 seconds as this may create issues with
Tor Hidden Services.

>>> Question 2: How do clients decide to initiate Shutdown()? What happens
>>> if some clients initiate it but others do not?
>> The shutdown() is invoked when a participant wishes to leave the chat and
>> it requires everybody in the group chat to participate in that phase.
>>
>> It is blocking with respect to any member of the group.
> So, Alice wishes to leave and invokes shutdown(). Alice's client blocks
> until it completes. Every other participant receives the request and
> responds, likewise, their clients block until shutdown completes.
>
> How do we error out? What if the network of Alice is disrupted while
> blocking for a shutdown()? What if the network of another participant is
> disrupted while Alice is blocking? We need a similar timeout for the
> shutdown() phase.

This should follow the same timeout logic as above. If Alice is blocking
for more than negotiated_timeout seconds she will be excluded from the
Shutdown() phase.

The problem I guess here is agreeing on when the timeout has been
reached and agreeing on the fact that Alice should no longer be part of
the shutdown phase.
Heh, now we have two problems :|.

> There are probably more error cases here than this too.
>
>> Question 3)
>> What happens if a person joins during the Setup phase?
> Been wondering the same myself. A similar question is, what if the
> group decides Alice has left (due to timeouts), and is in the middle of
> a shutdown()+setup() when she joins back in. Can we just cancel the
> ongoing shutdown/setup and reuse the existing session?

Reusing an existing session will not work, because based on how far
down you are in the shutdown phase you may have already published your
ephemeral private keys.
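
Added example, not part of the original message and not mpOTR code: a small model of the two points raised above, namely that members applying the same negotiated timeout to their own local arrival times can disagree on whether Alice is still in the shutdown phase, and that a session cannot be reused once the ephemeral private key has been published. The Member class, the "largest proposal wins" negotiation rule, the 5-second hard floor and all arrival times are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumption: treat the 5 s lower bound mentioned in the message as a hard floor.
MIN_TIMEOUT = 5.0

def negotiate_timeout(proposals):
    """Assumed rule (not from the thread): adopt the largest proposal, never below the floor."""
    return max([MIN_TIMEOUT, *proposals])

@dataclass
class Member:
    name: str
    timeout: float
    key_published: bool = False
    seen: dict = field(default_factory=dict)  # peer -> local arrival time (s) of its shutdown reply

    def on_reply(self, peer, arrival):
        self.seen[peer] = arrival

    def local_view(self, roster):
        """Peers this member still counts as part of the shutdown phase."""
        return {p for p in roster
                if p == self.name or self.seen.get(p, float("inf")) <= self.timeout}

    def publish_ephemeral_key(self):
        self.key_published = True

    def can_reuse_session(self):
        # Once the ephemeral private key is out, the old session must not be resumed.
        return not self.key_published

def views_agree(members, roster):
    return len({frozenset(m.local_view(roster)) for m in members}) == 1

def demo():
    roster = ["alice", "bob", "carol"]
    t = negotiate_timeout([10.0, 3.0, 8.0])
    bob, carol = Member("bob", t), Member("carol", t)
    # Constructed arrival times: Alice's reply lands at 9.8 s for Bob, 10.3 s for Carol.
    bob.on_reply("alice", 9.8); bob.on_reply("carol", 0.4)
    carol.on_reply("alice", 10.3); carol.on_reply("bob", 0.5)
    return t, bob.local_view(roster), carol.local_view(roster), views_agree([bob, carol], roster)

if __name__ == "__main__":
    print(demo())
```

In the constructed run Bob keeps Alice in the shutdown set while Carol drops her, so a purely local timeout check does not give the group a common participant list.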




