From jboehle@gmail.com Sat Oct 20 01:32:38 2007
From: jboehle@gmail.com (Jason Boehle)
Date: Fri, 19 Oct 2007 19:32:38 -0500
Subject: [OTR-users] OTR plugin for Microsoft Live Messenger
Message-ID: <6e6e16440710191732i6b1443c4h4c2361b5167be796@mail.gmail.com>
Has anyone written a plugin for OTR to work in Microsoft Live Messenger?
From ian@cypherpunks.ca Sat Oct 20 14:20:12 2007
From: ian@cypherpunks.ca (Ian Goldberg)
Date: Sat, 20 Oct 2007 09:20:12 -0400
Subject: [OTR-users] Ububtu package for pidgin-otr 3.1.0
Message-ID: <20071020132012.GU19610@yoink.cs.uwaterloo.ca>
Does anyone here have the ability (or know how) to get pidgin-otr 3.1.0
into Ubuntu? Apparently they released gutsy with 3.0.0 for some reason.
Thanks,
- Ian
From csturgess@fppartners.com Tue Oct 23 15:27:27 2007
From: csturgess@fppartners.com (Sturgess, Chris)
Date: Tue, 23 Oct 2007 10:27:27 -0400
Subject: [OTR-users] Cannot start private conversation
Message-ID: <2E5558D37ADF8944A6B4A8C50266F243022715B9@matikos1.fppartners.com>
This is a multi-part message in MIME format.
------_=_NextPart_001_01C81580.D65A79F0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Hello,
I am unable to start a private conversation with another user. We are
both using Pidgin 2.2.1 with OTR 3.1.0-1 on Windows. When clicking the
OTR button, the message window says it's attempting to start the private
conversation with the user, but nothing happens afterwards. There isn't
anything of interest in debug window when clicking the button, so I'm
wondering if it's a network issue.
=20
How does OTR perform its initial handshake? Could it be one or both of
us have a port blocked that must be open?
=20
Thanks in advance for any help,
=20
Chris=20
**********************************************************************
CONFIDENTIALITY: This e-mail is confidential and/or legally privileged and =
is intended only for the use of the individual or entity named herein. If y=
ou are not the intended recipient, you are hereby notified that any disclos=
ure, copying, distribution, or the taking of any action in reliance on the =
contents of this e-mail is strictly prohibited. In this regard, if you have=
received this e-mail in error, please notify us by reply e-mail immediatel=
y and then delete this message from your system.
=20
Thank you for your cooperation.
**********************************************************************
------_=_NextPart_001_01C81580.D65A79F0
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Hello,
I am unable to start a private conversation with another
user. We are both using Pidgin 2.2.1 with OTR 3.1.0-1 on Windows. When clic=
king
the OTR button, the message window says it’s attempting to start the
private conversation with the user, but nothing happens afterwards. There i=
sn’t
anything of interest in debug window when clicking the button, so I’m
wondering if it’s a network issue.
How does OTR perform its initial handshake? Could it be =
one
or both of us have a port blocked that must be open?
Thanks in advance for any help,=
Chris
*********************=
*************************************************
CONFIDENTIALITY: This=
e-mail is confidential and/or legally privileged and is intended only for =
the use of the individual or entity named herein. If you are not the intend=
ed recipient, you are hereby notified that any disclosure, copying, distrib=
ution, or the taking of any action in reliance on the contents of this e-ma=
il is strictly prohibited. In this regard, if you have received this e-mail=
in error, please notify us by reply e-mail immediately and then delete thi=
s message from your system.
Thank you for your co=
operation.
*********************=
*************************************************
------_=_NextPart_001_01C81580.D65A79F0--
From paul@cypherpunks.ca Tue Oct 23 16:47:21 2007
From: paul@cypherpunks.ca (Paul Wouters)
Date: Tue, 23 Oct 2007 11:47:21 -0400 (EDT)
Subject: [OTR-users] Cannot start private conversation
In-Reply-To: <2E5558D37ADF8944A6B4A8C50266F243022715B9@matikos1.fppartners.com>
References: <2E5558D37ADF8944A6B4A8C50266F243022715B9@matikos1.fppartners.com>
Message-ID:
On Tue, 23 Oct 2007, Sturgess, Chris wrote:
> I am unable to start a private conversation with another user. We are
> both using Pidgin 2.2.1 with OTR 3.1.0-1 on Windows. When clicking the
> OTR button, the message window says it's attempting to start the private
> conversation with the user, but nothing happens afterwards. There isn't
> anything of interest in debug window when clicking the button, so I'm
> wondering if it's a network issue.
>
>
>
> How does OTR perform its initial handshake? Could it be one or both of
> us have a port blocked that must be open?
The message is just a "text message", so if you can send plaintext IM's
you can send OTR messages.
Does the other user see any message? Perhaps the other end did install
the otr plugin, but not enable it in the plugin list? but that should
show to "the other user send you an OTR mesage, click here for more
information" dialog.
Paul
From csturgess@fppartners.com Tue Oct 23 17:03:19 2007
From: csturgess@fppartners.com (Sturgess, Chris)
Date: Tue, 23 Oct 2007 12:03:19 -0400
Subject: [OTR-users] Cannot start private conversation
References: <2E5558D37ADF8944A6B4A8C50266F243022715B9@matikos1.fppartners.com>
Message-ID: <2E5558D37ADF8944A6B4A8C50266F243032268E3@matikos1.fppartners.com>
I've actually been trying starting the conversation with three different
users, and no one receives a message when another tries to start a
private conversation. Each user has the plugin enabled and has a private
key generated for their respective accounts.
Chris
-----Original Message-----
From: Paul Wouters [mailto:paul@cypherpunks.ca]
Sent: Tuesday, October 23, 2007 11:47 AM
To: Sturgess, Chris
Cc: otr-users@lists.cypherpunks.ca
Subject: Re: [OTR-users] Cannot start private conversation
On Tue, 23 Oct 2007, Sturgess, Chris wrote:
> I am unable to start a private conversation with another user. We are
> both using Pidgin 2.2.1 with OTR 3.1.0-1 on Windows. When clicking the
> OTR button, the message window says it's attempting to start the
private
> conversation with the user, but nothing happens afterwards. There
isn't
> anything of interest in debug window when clicking the button, so I'm
> wondering if it's a network issue.
>
>
>
> How does OTR perform its initial handshake? Could it be one or both of
> us have a port blocked that must be open?
The message is just a "text message", so if you can send plaintext IM's
you can send OTR messages.
Does the other user see any message? Perhaps the other end did install
the otr plugin, but not enable it in the plugin list? but that should
show to "the other user send you an OTR mesage, click here for more
information" dialog.
Paul
**********************************************************************
CONFIDENTIALITY: This e-mail is confidential and/or legally privileged and is intended only for the use of the individual or entity named herein. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or the taking of any action in reliance on the contents of this e-mail is strictly prohibited. In this regard, if you have received this e-mail in error, please notify us by reply e-mail immediately and then delete this message from your system.
Thank you for your cooperation.
**********************************************************************
From jessicahu@yahoo.com Tue Oct 23 20:38:16 2007
From: jessicahu@yahoo.com (Jessica Hu)
Date: Tue, 23 Oct 2007 12:38:16 -0700 (PDT)
Subject: [OTR-users] Any OTR Messaging package for BlackBerry
Message-ID: <588788.27733.qm@web30205.mail.mud.yahoo.com>
It seems all current OTR packages are developed for Windows, Linux and OS X. Is there any OTR package for BlackBerry? Thanks.
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
From alex323@gmail.com Tue Oct 23 22:20:14 2007
From: alex323@gmail.com (Alex)
Date: Tue, 23 Oct 2007 17:20:14 -0400
Subject: [OTR-users] Deniability Fails?
Message-ID: <20071023172014.773fef3b@darwin>
--Sig_Ajg/wWGy3KouIke88zap54q
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable
What if I were to carry on a private OTR conversation, and my ISP
logged everything that came out of my modem?
What if I had a client-server model protocol with OTR over to of it,
and the government plugged directly into my server? Is all data coming
out of that port then evidence? There is no way to say that someone
modified the message in transit. :(
--=20
Alex
--Sig_Ajg/wWGy3KouIke88zap54q
Content-Type: application/pgp-signature; name=signature.asc
Content-Disposition: attachment; filename=signature.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iQIVAwUBRx5lkkHccysgNMhYAQIYnRAAjJe0QLooyUAngzJuoWTBieqLON96Zuh7
8M4zNRot0SHf7a8TS3rUFlj82uJWpT2zUf5+wJzvGadYdTePxvnHIKbVD0jqKZDB
IzUzvYQQ11XeSf+Mak0g63aq3Aay/JuxWkXY9IW5W0l9az+0Ipul4gPLmqOYptvt
c99FKIpVi0elF1Bmp0yTBk850UmQws7Cx9r7+EOVlqUf7zJJI8b/U0Pnfo4+Wydd
eAA8GHG0EkGmGHRgDZ+mOFgdYERvSQfH/aa2N3Iho5utvpA5o/L/acMIrIlgOfP4
y/MhpAPj6+3dyXn8Cs+gvpNa8ObOultp7FgDZUTaF9bpROUbCBcRHZx43Nm05fPO
n6uuCdEHEi/cytDKxZABLqlqIw5Kwv8PGVdnqwrYnsaDfmncLDy3FFxe+qYMaOLd
oISO/My6gCX5piM7t97vhSVlO0PB5dD6XfAawY0jSIKEVv0SOK2CPnc1pby58SI6
wqcnfICSYEatC9WWdyUodv/9LVP9vKan+K8Y7loTlHrw0gUjb7v9wPeVrDCvCVmP
109CsuSHO40oGmE9U1MjLGPWr4iiIQb+uqcveqrTbEAbRujspq5FmT8AVOQ3zh7g
zIBr+DlyU8tkMIjx2S4pSLac1BM1iqP8bpYE2TdH5ru1cT3ibSzzO/PidteEVVYr
n6iy0FHsd4A=
=EN1e
-----END PGP SIGNATURE-----
--Sig_Ajg/wWGy3KouIke88zap54q--
From andreas@vollpfosten.org Tue Oct 23 22:51:09 2007
From: andreas@vollpfosten.org (Andreas Weber)
Date: Tue, 23 Oct 2007 23:51:09 +0200
Subject: [OTR-users] mICQ has been renamed to climm
Message-ID: <471E6CCD.6000901@vollpfosten.org>
Greetings,
on your homepage you mention mICQ as a client supporting OTR. It has
been renamed to "climm" due to legal problems though:
http://www.climm.org
hth
Andreas Weber
--
Note: No Microsoft programs were used in the creation or distribution of
this message. If you are using a Microsoft program to view this message,
be forewarned that I am not responsible for any harm you may encounter
as a result.
From kat@paip.net Wed Oct 24 00:36:05 2007
From: kat@paip.net (Kat Hanna)
Date: Tue, 23 Oct 2007 19:36:05 -0400 (EDT)
Subject: [OTR-users] Any OTR Messaging package for BlackBerry
In-Reply-To: <588788.27733.qm@web30205.mail.mud.yahoo.com>
References: <588788.27733.qm@web30205.mail.mud.yahoo.com>
Message-ID:
Unfortunately, no. I, for one, would love to see someone step up and do it,
though. :-)
On Tue, 23 Oct 2007, Jessica Hu wrote:
> It seems all current OTR packages are developed for Windows, Linux and OS X. Is there any OTR package for BlackBerry? Thanks.
>
>
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
>
> _______________________________________________
> OTR-users mailing list
> OTR-users@lists.cypherpunks.ca
> http://lists.cypherpunks.ca/mailman/listinfo/otr-users
>
From paul@cypherpunks.ca Wed Oct 24 04:43:04 2007
From: paul@cypherpunks.ca (Paul Wouters)
Date: Tue, 23 Oct 2007 23:43:04 -0400 (EDT)
Subject: [OTR-users] Any OTR Messaging package for BlackBerry
In-Reply-To: <588788.27733.qm@web30205.mail.mud.yahoo.com>
References: <588788.27733.qm@web30205.mail.mud.yahoo.com>
Message-ID:
On Tue, 23 Oct 2007, Jessica Hu wrote:
> It seems all current OTR packages are developed for Windows, Linux and OS X. Is there any OTR package for BlackBerry? Thanks.
That would be cool. And one for Windows Mobile too :)
Though wasn't blackberry so well encrypted, that all semi professional
petty thieves were using it to encrypt their messaging? Though I
guess the BES owner would still be able to decrypt it all.
I wonder if a port to Java/JME would be the best way to get to
these platforms.
Paul
From paul@cypherpunks.ca Wed Oct 24 04:46:50 2007
From: paul@cypherpunks.ca (Paul Wouters)
Date: Tue, 23 Oct 2007 23:46:50 -0400 (EDT)
Subject: [OTR-users] Deniability Fails?
In-Reply-To: <20071023172014.773fef3b@darwin>
References: <20071023172014.773fef3b@darwin>
Message-ID:
On Tue, 23 Oct 2007, Alex wrote:
> What if I were to carry on a private OTR conversation, and my ISP
> logged everything that came out of my modem?
>
> What if I had a client-server model protocol with OTR over to of it,
> and the government plugged directly into my server? Is all data coming
> out of that port then evidence? There is no way to say that someone
> modified the message in transit. :(
With full traffic analyses, that would indeed be hard. But it would
be easy to generate encrypted traffic that they wouldn't be able
to tell if it was IM traffic or not, leaving the way open again
that someone else said it instead of you. Eg using tor or some VPN
tunnel to the other end of the world.
Really, when you're in front of a judge, and the other party presents
all the decrypted IM messages, don't count on saying "it could have
been forged", regardless of whether all your internet traffic was
tapped or not. Judges don't like technology games at all.
Paul
From klhrevolution@yahoo.com Sat Oct 27 03:56:32 2007
From: klhrevolution@yahoo.com (Ken Hensley)
Date: Fri, 26 Oct 2007 19:56:32 -0700 (PDT)
Subject: [OTR-users] OTR Request (Message Notification)
Message-ID: <550596.4217.qm@web45616.mail.sp1.yahoo.com>
Sometimes I'm online and others on the buddy list are
not... So the messages I send they will not be able to
read & vice-versa.
Any chance of implementing this into otr if it is
possible ?
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
From paul@cypherpunks.ca Sun Oct 28 16:21:24 2007
From: paul@cypherpunks.ca (Paul Wouters)
Date: Sun, 28 Oct 2007 11:21:24 -0400 (EDT)
Subject: [OTR-users] OTR Request (Message Notification)
In-Reply-To: <550596.4217.qm@web45616.mail.sp1.yahoo.com>
References: <550596.4217.qm@web45616.mail.sp1.yahoo.com>
Message-ID:
On Fri, 26 Oct 2007, Ken Hensley wrote:
> Sometimes I'm online and others on the buddy list are
> not... So the messages I send they will not be able to
> read & vice-versa.
>
> Any chance of implementing this into otr if it is
> possible ?
There are two reasons for them not being on the list.
Either they are really offline, or they have a temporary network
issue. If they are really offline, then you cannot talk to them
with OTR. Since OTR requires communication back and forth. You
cannot work around it because an attacker could then make it
appear to you the other user was online (and for example you
would be using the same key for all messaes instead of a new
key).
If the user has a glidge, and comes back online, you should
be able to automatically resume the conversation. With your
last message or two being resend.
Paul
From rmeden@gmail.com Mon Oct 29 16:29:49 2007
From: rmeden@gmail.com (Robert Eden)
Date: Mon, 29 Oct 2007 10:29:49 -0500
Subject: [OTR-users] Re: automatic end-private on logoff?
In-Reply-To:
References:
Message-ID:
------=_Part_1609_11445493.1193671789632
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
use OTR on Pidgin for AIM.
If I'm in a private conversation with someone and user #1 logs off, #2
still thinks the conversation is private.
If #2 sends a message, AIM Mobile sends "junk" to my cell phone, instead of
clear text.
If #1 logs on from another computer, the first message is lost, but then
OTR resyncs with the new private key. (new computer also has OTR).
I think OTR should automatically "end-private-conversation" when a log off
message is received. What do others think?
Robert
------=_Part_1609_11445493.1193671789632
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
use OTR on Pidgin for AIM.
If I'm in a private conversation with someone and user #1 logs off, #2 still thinks the conversation is private.
If #2 sends a message, AIM Mobile sends "junk" to my cell phone, instead of clear text.
If #1 logs on from another computer, the first message is lost,
but then OTR resyncs with the new private key. (new computer also has
OTR).
I think OTR should automatically "end-private-conversation" when a log off message is received. What do others think?
Robert
------=_Part_1609_11445493.1193671789632--
From paul@cypherpunks.ca Mon Oct 29 19:32:27 2007
From: paul@cypherpunks.ca (Paul Wouters)
Date: Mon, 29 Oct 2007 14:32:27 -0400 (EDT)
Subject: [OTR-users] Re: automatic end-private on logoff?
In-Reply-To:
References:
Message-ID:
On Mon, 29 Oct 2007, Robert Eden wrote:
> If I'm in a private conversation with someone and user #1 logs off, #2
> still thinks the conversation is private.
>
> If #2 sends a message, AIM Mobile sends "junk" to my cell phone, instead of
> clear text.
> If #1 logs on from another computer, the first message is lost, but then
> OTR resyncs with the new private key. (new computer also has OTR).
>
> I think OTR should automatically "end-private-conversation" when a log off
> message is received. What do others think?
A) Some logoffs hapen without sending a message (network disconnect)
B) no clear text may ever flow if we expect crypted.
C) there is no security on "log off" message, so an attacker could try
and force you to disable crypto.
The proper way to "log off" is to select "end private conversation", which
does what you edpect it to do. I am unsure why this is not done when one
actively sends a "log off" (go offline) with pidgin. Ian?
Paul
From rmeden@gmail.com Mon Oct 29 19:51:47 2007
From: rmeden@gmail.com (Robert Eden)
Date: Mon, 29 Oct 2007 13:51:47 -0500
Subject: [OTR-users] Re: automatic end-private on logoff?
In-Reply-To:
References:
Message-ID: <47262BC3.6000602@gmail.com>
On 10/29/2007 1:32 PM, Paul Wouters wrote:
> On Mon, 29 Oct 2007, Robert Eden wrote
>> If I'm in a private conversation with someone and user #1 logs off, #2
>> still thinks the conversation is private.
>>
>> If #2 sends a message, AIM Mobile sends "junk" to my cell phone, instead of
>> clear text.
>> If #1 logs on from another computer, the first message is lost, but then
>> OTR resyncs with the new private key. (new computer also has OTR).
>>
>> I think OTR should automatically "end-private-conversation" when a log off
>> message is received. What do others think?
>>
>
> A) Some logoffs hapen without sending a message (network disconnect)
> B) no clear text may ever flow if we expect crypted.
> C) there is no security on "log off" message, so an attacker could try
> and force you to disable crypto.
>
> The proper way to "log off" is to select "end private conversation", which
> does what you edpect it to do. I am unsure why this is not done when one
> actively sends a "log off" (go offline) with pidgin. Ian?
>
> Paul
>
Well, the disconnected side is already gone.. the problem is the side
that stays up. I can see the problem with faking a logoff message.
Does Pidgin provide that sort of thing separate from the message
stream? If it does, auto end-conversation would be a nice feature. If
it doesn't, I agree that it's not worth the security risk.
Robert
From perrin@apotheon.com Mon Oct 29 22:06:46 2007
From: perrin@apotheon.com (Chad Perrin)
Date: Mon, 29 Oct 2007 15:06:46 -0600
Subject: [OTR-users] Re: automatic end-private on logoff?
In-Reply-To: <47262BC3.6000602@gmail.com>
References: <47262BC3.6000602@gmail.com>
Message-ID: <20071029210646.GA85769@demeter.hydra>
On Mon, Oct 29, 2007 at 01:51:47PM -0500, Robert Eden wrote:
> On 10/29/2007 1:32 PM, Paul Wouters wrote:
> >
> >A) Some logoffs hapen without sending a message (network disconnect)
> >B) no clear text may ever flow if we expect crypted.
> >C) there is no security on "log off" message, so an attacker could try
> > and force you to disable crypto.
> >
> >The proper way to "log off" is to select "end private conversation", which
> >does what you edpect it to do. I am unsure why this is not done when one
> >actively sends a "log off" (go offline) with pidgin. Ian?
> >
> Well, the disconnected side is already gone.. the problem is the side
> that stays up. I can see the problem with faking a logoff message.
> Does Pidgin provide that sort of thing separate from the message
> stream? If it does, auto end-conversation would be a nice feature. If
> it doesn't, I agree that it's not worth the security risk.
Is there any reason this can't be handled in part on the side that
doesn't have the problem? For instance:
Foo and Bar are talking to one another in a "private" conversation.
Foo loses its connection, then reconnects.
Bar, unaware that Foo had a momentary network hiccup, blithely sends
its next encrypted message.
Foo receives the message and goes "Woah, this is encrypted."
Foo contacts Bar, saying "Hey, you, reconnect with me to start a new
private conversation."
Bar responds, saying "Holy cow, didn't realize you dropped off. Here's
the reconnect stuff. How many encrypted messages did you receive after
reconnecting?"
Foo says "One that I've noticed."
Bar resends it.
Voila, everyone's happy. Obviously, this is a very high-level view of a
re-handshake approach, and would require the clients to be able to
recognize the difference between encrypted and unencrypted messages.
--
CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ]
John Kenneth Galbraith: "If all else fails, immortality can always be
assured through spectacular error."
From ian@cypherpunks.ca Mon Oct 29 23:12:13 2007
From: ian@cypherpunks.ca (Ian Goldberg)
Date: Mon, 29 Oct 2007 18:12:13 -0400
Subject: [OTR-users] Re: automatic end-private on logoff?
In-Reply-To: <20071029210646.GA85769@demeter.hydra>
References: <47262BC3.6000602@gmail.com> <20071029210646.GA85769@demeter.hydra>
Message-ID: <20071029221213.GS6268@yoink.cs.uwaterloo.ca>
On Mon, Oct 29, 2007 at 03:06:46PM -0600, Chad Perrin wrote:
> Is there any reason this can't be handled in part on the side that
> doesn't have the problem? For instance:
>
> Foo and Bar are talking to one another in a "private" conversation.
>
> Foo loses its connection, then reconnects.
>
> Bar, unaware that Foo had a momentary network hiccup, blithely sends
> its next encrypted message.
>
> Foo receives the message and goes "Woah, this is encrypted."
>
> Foo contacts Bar, saying "Hey, you, reconnect with me to start a new
> private conversation."
>
> Bar responds, saying "Holy cow, didn't realize you dropped off. Here's
> the reconnect stuff. How many encrypted messages did you receive after
> reconnecting?"
>
> Foo says "One that I've noticed."
>
> Bar resends it.
>
> Voila, everyone's happy. Obviously, this is a very high-level view of a
> re-handshake approach, and would require the clients to be able to
> recognize the difference between encrypted and unencrypted messages.
That's pretty much exactly what happens now, except that there's no
"count"; clients only remember the last message they sent.
As to having pidgin send the FINISHED message when the user chooses "Log
off": that's perfectly sensible. It currently does it when the user
chooses "Quit". It's just that no one's ever asked for this before.
- Ian
From perrin@apotheon.com Mon Oct 29 23:54:13 2007
From: perrin@apotheon.com (Chad Perrin)
Date: Mon, 29 Oct 2007 16:54:13 -0600
Subject: [OTR-users] Re: automatic end-private on logoff?
In-Reply-To: <20071029221213.GS6268@yoink.cs.uwaterloo.ca>
References: <47262BC3.6000602@gmail.com> <20071029210646.GA85769@demeter.hydra> <20071029221213.GS6268@yoink.cs.uwaterloo.ca>
Message-ID: <20071029225413.GA86888@demeter.hydra>
On Mon, Oct 29, 2007 at 06:12:13PM -0400, Ian Goldberg wrote:
> On Mon, Oct 29, 2007 at 03:06:46PM -0600, Chad Perrin wrote:
> >
> > Voila, everyone's happy. Obviously, this is a very high-level view of a
> > re-handshake approach, and would require the clients to be able to
> > recognize the difference between encrypted and unencrypted messages.
>
> That's pretty much exactly what happens now, except that there's no
> "count"; clients only remember the last message they sent.
>
> As to having pidgin send the FINISHED message when the user chooses "Log
> off": that's perfectly sensible. It currently does it when the user
> chooses "Quit". It's just that no one's ever asked for this before.
Was the problem in this case confined to use of a mobile client later,
then? I thought there was some kind of problem indicated with the
desktop client that had the OTR plugin, too -- though I suppose I may
have misread the complaint.
--
CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ]
Brian K. Reid: "In computer science, we stand on each other's feet."
From mail@scottellis.com.au Tue Oct 30 00:01:40 2007
From: mail@scottellis.com.au (Scott Ellis)
Date: Tue, 30 Oct 2007 10:01:40 +1100
Subject: [OTR-users] Re: automatic end-private on logoff?
In-Reply-To: <20071029225413.GA86888@demeter.hydra>
References:
<47262BC3.6000602@gmail.com> <20071029210646.GA85769@demeter.hydra>
<20071029221213.GS6268@yoink.cs.uwaterloo.ca>
<20071029225413.GA86888@demeter.hydra>
Message-ID: <96e269140710291601i751e5ab8se88da628d8ba529c@mail.gmail.com>
------=_Part_8657_1025628.1193698900360
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
FYI - i've added three related options to the miranda plugin that users seem
to appreciate: an option to end sessions when the other end goes offline
(switch to FINISHED state), an option to end sessions when the message
window is closed (also switch to FINISHED) and a third option (with a
warning) to timeout finished sessions back to the PLAINTEXT state after a
certain amount of time. this can introduce some incompatibilities, but
there's no way to get miranda to send a message before a protocol goes
offline locally to terminate sessions 'properly'.
------=_Part_8657_1025628.1193698900360
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
FYI - i've added three related options to the miranda plugin that users seem to appreciate: an option to end sessions when the other end goes offline (switch to FINISHED state), an option to end sessions when the message window is closed (also switch to FINISHED) and a third option (with a warning) to timeout finished sessions back to the PLAINTEXT state after a certain amount of time. this can introduce some incompatibilities, but there's no way to get miranda to send a message before a protocol goes offline locally to terminate sessions 'properly'.
------=_Part_8657_1025628.1193698900360--
From rmeden@gmail.com Tue Oct 30 02:25:10 2007
From: rmeden@gmail.com (Robert Eden)
Date: Mon, 29 Oct 2007 20:25:10 -0500
Subject: [OTR-users] Re: automatic end-private on logoff?
In-Reply-To: <96e269140710291601i751e5ab8se88da628d8ba529c@mail.gmail.com>
References:
<47262BC3.6000602@gmail.com> <20071029210646.GA85769@demeter.hydra>
<20071029221213.GS6268@yoink.cs.uwaterloo.ca>
<20071029225413.GA86888@demeter.hydra>
<96e269140710291601i751e5ab8se88da628d8ba529c@mail.gmail.com>
Message-ID:
------=_Part_3930_9117084.1193707510697
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
On 10/29/07, Scott Ellis wrote:
>
> FYI - i've added three related options to the miranda plugin that users
> seem to appreciate: an option to end sessions when the other end goes
> offline (switch to FINISHED state), an option to end sessions when the
> message window is closed (also switch to FINISHED) and a third option (with
> a warning) to timeout finished sessions back to the PLAINTEXT state after a
> certain amount of time. this can introduce some incompatibilities, but
> there's no way to get miranda to send a message before a protocol goes
> offline locally to terminate sessions 'properly'.
>
If those options could be added to the pidgin plugin that would be perfect.
(send a FINISH request on exit)
Robert
------=_Part_3930_9117084.1193707510697
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
On 10/29/07, Scott Ellis <mail@scottellis.com.au> wrote:
FYI - i've added three related options to the miranda plugin that users seem to appreciate: an option to end sessions when the other end goes offline (switch to FINISHED state), an option to end sessions when the message window is closed (also switch to FINISHED) and a third option (with a warning) to timeout finished sessions back to the PLAINTEXT state after a certain amount of time. this can introduce some incompatibilities, but there's no way to get miranda to send a message before a protocol goes offline locally to terminate sessions 'properly'.
If those options could be added to the pidgin plugin that would be perfect. (send a FINISH request on exit)
Robert
------=_Part_3930_9117084.1193707510697--
From paul@cypherpunks.ca Wed Oct 31 00:00:20 2007
From: paul@cypherpunks.ca (Paul Wouters)
Date: Tue, 30 Oct 2007 19:00:20 -0400 (EDT)
Subject: [OTR-users] Re: automatic end-private on logoff?
In-Reply-To: <20071029210646.GA85769@demeter.hydra>
References:
<47262BC3.6000602@gmail.com>
<20071029210646.GA85769@demeter.hydra>
Message-ID:
On Mon, 29 Oct 2007, Chad Perrin wrote:
> Is there any reason this can't be handled in part on the side that
> doesn't have the problem? For instance:
[...]
> Bar responds, saying "Holy cow, didn't realize you dropped off. Here's
> the reconnect stuff. How many encrypted messages did you receive after
> reconnecting?"
It already is, but you cannot ask "how many messages did you miss". Protocols
like Jabber also can store a few messages on the server.
Paul
From paul@cypherpunks.ca Wed Oct 31 00:03:38 2007
From: paul@cypherpunks.ca (Paul Wouters)
Date: Tue, 30 Oct 2007 19:03:38 -0400 (EDT)
Subject: [OTR-users] Re: automatic end-private on logoff?
In-Reply-To:
References:
<47262BC3.6000602@gmail.com>
<20071029210646.GA85769@demeter.hydra> <20071029221213.GS6268@yoink.cs.uwaterloo.ca>
<20071029225413.GA86888@demeter.hydra> <96e269140710291601i751e5ab8se88da628d8ba529c@mail.gmail.com>
Message-ID:
On Mon, 29 Oct 2007, Robert Eden wrote:
> > FYI - i've added three related options to the miranda plugin that users
> > seem to appreciate: an option to end sessions when the other end goes
> > offline (switch to FINISHED state), an option to end sessions when the
> > message window is closed (also switch to FINISHED) and a third option (with
> > a warning) to timeout finished sessions back to the PLAINTEXT state after a
> > certain amount of time. this can introduce some incompatibilities, but
> > there's no way to get miranda to send a message before a protocol goes
> > offline locally to terminate sessions 'properly'.
> >
>
> If those options could be added to the pidgin plugin that would be perfect.
> (send a FINISH request on exit)
That is leaking information though, if the settings for the remote user is
"opportunistic".
So, i am typing something to remote user, who then just before i hit return
pops offline. If my client then automatically goes into FINISHED state, just
before I hit return, I just leaked a cleartext message!
Paul
From rmeden@gmail.com Wed Oct 31 00:30:19 2007
From: rmeden@gmail.com (Robert Eden)
Date: Tue, 30 Oct 2007 18:30:19 -0500
Subject: [OTR-users] Re: automatic end-private on logoff?
In-Reply-To:
References: <47262BC3.6000602@gmail.com> <20071029210646.GA85769@demeter.hydra> <20071029221213.GS6268@yoink.cs.uwaterloo.ca> <20071029225413.GA86888@demeter.hydra> <96e269140710291601i751e5ab8se88da628d8ba529c@mail.gmail.com>
Message-ID: <4727BE8B.1070700@gmail.com>
On 10/30/2007 6:03 PM, Paul Wouters wrote:
> So, i am typing something to remote user, who then just before i hit return
> pops offline. If my client then automatically goes into FINISHED state, just
> before I hit return, I just leaked a cleartext message!
>
How is that different from the remote user clicking "End Private
Conversation" before you hit return?
I don't think most folks would care, but I see nothing wrong with an
optional pop-up dialog that says "Joe has ended your private conversation"
Robert
From mail@scottellis.com.au Wed Oct 31 03:45:38 2007
From: mail@scottellis.com.au (Scott Ellis)
Date: Wed, 31 Oct 2007 13:45:38 +1100
Subject: [OTR-users] Re: automatic end-private on logoff?
In-Reply-To:
References:
<47262BC3.6000602@gmail.com> <20071029210646.GA85769@demeter.hydra>
<20071029221213.GS6268@yoink.cs.uwaterloo.ca>
<20071029225413.GA86888@demeter.hydra>
<96e269140710291601i751e5ab8se88da628d8ba529c@mail.gmail.com>
Message-ID: <96e269140710301945r139c2a12of36bae8ac07e4107@mail.gmail.com>
------=_Part_5916_20238881.1193798738347
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
On 10/31/07, Paul Wouters wrote:
>
> On Mon, 29 Oct 2007, Robert Eden wrote:
>
> > > FYI - i've added three related options to the miranda plugin that
> users
> > > seem to appreciate: an option to end sessions when the other end goes
> > > offline (switch to FINISHED state), an option to end sessions when the
> > > message window is closed (also switch to FINISHED) and a third option
> (with
> > > a warning) to timeout finished sessions back to the PLAINTEXT state
> after a
> > > certain amount of time. this can introduce some incompatibilities, but
> > > there's no way to get miranda to send a message before a protocol goes
> > > offline locally to terminate sessions 'properly'.
> > >
> >
> > If those options could be added to the pidgin plugin that would be
> perfect.
> > (send a FINISH request on exit)
>
> That is leaking information though, if the settings for the remote user is
> "opportunistic".
>
> So, i am typing something to remote user, who then just before i hit
> return
> pops offline. If my client then automatically goes into FINISHED state,
> just
> before I hit return, I just leaked a cleartext message!
>
> Paul
It doesn't send messages in the FINISHED state - you mean the PLAINTEXT
state. That's why it doesn't change to PLAINTEXT immediately - it has a
cocnfigurable timeout, and shows the usual message(s) regarding the initial
switch to the FINISHED state.
------=_Part_5916_20238881.1193798738347
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
On 10/31/07, Paul Wouters <paul@cypherpunks.ca> wrote:
On Mon, 29 Oct 2007, Robert Eden wrote:
> > FYI - i've added three related options to the miranda plugin that users
> > seem to appreciate: an option to end sessions when the other end goes
> > offline (switch to FINISHED state), an option to end sessions when the
> > message window is closed (also switch to FINISHED) and a third option (with
> > a warning) to timeout finished sessions back to the PLAINTEXT state after a
> > certain amount of time. this can introduce some incompatibilities, but
> > there's no way to get miranda to send a message before a protocol goes
> > offline locally to terminate sessions 'properly'.
> >
>
> If those options could be added to the pidgin plugin that would be perfect.
> (send a FINISH request on exit)
That is leaking information though, if the settings for the remote user is
"opportunistic".
So, i am typing something to remote user, who then just before i hit return
pops offline. If my client then automatically goes into FINISHED state, just
before I hit return, I just leaked a cleartext message!
Paul
It doesn't send messages in the FINISHED state - you mean the PLAINTEXT state. That's why it doesn't change to PLAINTEXT immediately - it has a cocnfigurable timeout, and shows the usual message(s) regarding the initial switch to the FINISHED state.
------=_Part_5916_20238881.1193798738347--
From paul@cypherpunks.ca Wed Oct 31 16:19:48 2007
From: paul@cypherpunks.ca (Paul Wouters)
Date: Wed, 31 Oct 2007 11:19:48 -0400 (EDT)
Subject: [OTR-users] Re: automatic end-private on logoff?
In-Reply-To: <4727BE8B.1070700@gmail.com>
References:
<47262BC3.6000602@gmail.com>
<20071029210646.GA85769@demeter.hydra> <20071029221213.GS6268@yoink.cs.uwaterloo.ca>
<20071029225413.GA86888@demeter.hydra> <96e269140710291601i751e5ab8se88da628d8ba529c@mail.gmail.com>
<4727BE8B.1070700@gmail.com>
Message-ID:
On Tue, 30 Oct 2007, Robert Eden wrote:
> On 10/30/2007 6:03 PM, Paul Wouters wrote:
> > So, i am typing something to remote user, who then just before i hit return
> > pops offline. If my client then automatically goes into FINISHED state, just
> > before I hit return, I just leaked a cleartext message!
> >
> How is that different from the remote user clicking "End Private Conversation"
> before you hit return?
Because *I* am still in private state, and hitting return will not allow
me to send that message cleartext. I either have to "Restart" or "end"
explicitely.
> I don't think most folks would care, but I see nothing wrong with an optional
> pop-up dialog that says "Joe has ended your private conversation"
No popups. they don't scale if the majority of users on your IM list uses otr
Paul
From perrin@apotheon.com Wed Oct 31 18:41:04 2007
From: perrin@apotheon.com (Chad Perrin)
Date: Wed, 31 Oct 2007 11:41:04 -0600
Subject: [OTR-users] Re: automatic end-private on logoff?
In-Reply-To: <4727BE8B.1070700@gmail.com>
References: <47262BC3.6000602@gmail.com> <20071029210646.GA85769@demeter.hydra> <20071029221213.GS6268@yoink.cs.uwaterloo.ca> <20071029225413.GA86888@demeter.hydra> <96e269140710291601i751e5ab8se88da628d8ba529c@mail.gmail.com> <4727BE8B.1070700@gmail.com>
Message-ID: <20071031174104.GA96611@demeter.hydra>
On Tue, Oct 30, 2007 at 06:30:19PM -0500, Robert Eden wrote:
> On 10/30/2007 6:03 PM, Paul Wouters wrote:
> >So, i am typing something to remote user, who then just before i hit return
> >pops offline. If my client then automatically goes into FINISHED state,
> >just
> >before I hit return, I just leaked a cleartext message!
> >
> How is that different from the remote user clicking "End Private
> Conversation" before you hit return?
>
> I don't think most folks would care, but I see nothing wrong with an
> optional pop-up dialog that says "Joe has ended your private conversation"
I'd prefer inline notification, personally. Pop-ups suck.
--
CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ]
Kent Beck: "I always knew that one day Smalltalk would replace Java. I
just didn't know it would be called Ruby."