[OTR-users] Conflict with gaim-encryption plugin

Ian Goldberg ian at cypherpunks.ca
Sun Oct 9 16:49:07 EDT 2005 

On Sun, Oct 09, 2005 at 04:03:40PM -0400, Joe Moschetti wrote:
> I'm using gaim 1.5.0 for windows and the latest version of the
> gaim-encryption plugin and the OTR plugin. When I attempt to use both
> plugins at the same time when talking to someone I get "OTR Error: You sent
> unencrypted data to jmoschetti45, who was expecting encrypted messages from
> you." on one end and "The following message received from jmoschetti46 was
> not encrypted: [test]" on the other. This only happens when I use both
> plugins at the same time. I believe that somewhat defies the point, but I
> was curious and wanted to try it. Any solutions?

gaim-encryption and gaim-otr both assume that no other plugin is going
to mess with its output.  gaim-encryption sends encrypted data directly
to the IM network, while gaim-otr sends protocol setup messages that way
(though it does pass data messages through whatever other plugins are
installed).  The result is that gaim-otr can set up a private channel,
but when you type a message, gaim-encryption will encrypt and send it
before gaim-otr has a chance to gets its hands on it.

So the other side will receive a gaim-encrypted message, which
gaim-encryption will decrypt to plaintext, and pass to the next plugin,
gaim-otr, which complains that it received plaintext when it expected
OTR-encrypted data.

[Note that this behaviour only appears if gaim-encryption is before
gaim-otr in gaim's internal plugin list; slightly different (but equally
nonsensical) behaviour occurs if it's in the other order.]

The solution?  As you might expect, Don't Do That, Then.  ;-)  It's not
like you're getting the benefits of both plugins; you're effectively
just using gaim-encryption.

In fact, even if both plugins *were* being used, and you ended up with
some sort of nested gaim-encryption of OTR-encryption, you *still* lose
over OTR alone, since the signature on the gaim-encryption layer will
defeat the deniability of the OTR layer.

Out of curiosity, is gaim-encryption useful in some way that gaim-otr
isn't?  I've only used it briefly (mainly in diagnosing problems like
this), but it seems that gaim-otr has a strict superset of the
functionality of gaim-encryption.  Is there a reason for two people who
have both to want to turn on gaim-encryption?

Thanks,

   - Ian

More information about the OTR-users mailing list