From jboehle at gmail.com Fri Oct 19 20:32:38 2007 From: jboehle at gmail.com (Jason Boehle) Date: Fri, 19 Oct 2007 19:32:38 -0500 Subject: [OTR-users] OTR plugin for Microsoft Live Messenger Message-ID: <6e6e16440710191732i6b1443c4h4c2361b5167be796@mail.gmail.com> Has anyone written a plugin for OTR to work in Microsoft Live Messenger? From ian at cypherpunks.ca Sat Oct 20 09:20:12 2007 From: ian at cypherpunks.ca (Ian Goldberg) Date: Sat, 20 Oct 2007 09:20:12 -0400 Subject: [OTR-users] Ububtu package for pidgin-otr 3.1.0 Message-ID: <20071020132012.GU19610@yoink.cs.uwaterloo.ca> Does anyone here have the ability (or know how) to get pidgin-otr 3.1.0 into Ubuntu? Apparently they released gutsy with 3.0.0 for some reason. Thanks, - Ian From csturgess at fppartners.com Tue Oct 23 10:27:27 2007 From: csturgess at fppartners.com (Sturgess, Chris) Date: Tue, 23 Oct 2007 10:27:27 -0400 Subject: [OTR-users] Cannot start private conversation Message-ID: <2E5558D37ADF8944A6B4A8C50266F243022715B9@matikos1.fppartners.com> Hello, I am unable to start a private conversation with another user. We are both using Pidgin 2.2.1 with OTR 3.1.0-1 on Windows. When clicking the OTR button, the message window says it's attempting to start the private conversation with the user, but nothing happens afterwards. There isn't anything of interest in debug window when clicking the button, so I'm wondering if it's a network issue. How does OTR perform its initial handshake? Could it be one or both of us have a port blocked that must be open? Thanks in advance for any help, Chris ********************************************************************** CONFIDENTIALITY: This e-mail is confidential and/or legally privileged and is intended only for the use of the individual or entity named herein. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or the taking of any action in reliance on the contents of this e-mail is strictly prohibited. In this regard, if you have received this e-mail in error, please notify us by reply e-mail immediately and then delete this message from your system. Thank you for your cooperation. ********************************************************************** -------------- next part -------------- An HTML attachment was scrubbed... URL: From paul at cypherpunks.ca Tue Oct 23 11:47:21 2007 From: paul at cypherpunks.ca (Paul Wouters) Date: Tue, 23 Oct 2007 11:47:21 -0400 (EDT) Subject: [OTR-users] Cannot start private conversation In-Reply-To: <2E5558D37ADF8944A6B4A8C50266F243022715B9@matikos1.fppartners.com> References: <2E5558D37ADF8944A6B4A8C50266F243022715B9@matikos1.fppartners.com> Message-ID: On Tue, 23 Oct 2007, Sturgess, Chris wrote: > I am unable to start a private conversation with another user. We are > both using Pidgin 2.2.1 with OTR 3.1.0-1 on Windows. When clicking the > OTR button, the message window says it's attempting to start the private > conversation with the user, but nothing happens afterwards. There isn't > anything of interest in debug window when clicking the button, so I'm > wondering if it's a network issue. > > > > How does OTR perform its initial handshake? Could it be one or both of > us have a port blocked that must be open? The message is just a "text message", so if you can send plaintext IM's you can send OTR messages. Does the other user see any message? Perhaps the other end did install the otr plugin, but not enable it in the plugin list? but that should show to "the other user send you an OTR mesage, click here for more information" dialog. Paul From csturgess at fppartners.com Tue Oct 23 12:03:19 2007 From: csturgess at fppartners.com (Sturgess, Chris) Date: Tue, 23 Oct 2007 12:03:19 -0400 Subject: [OTR-users] Cannot start private conversation References: <2E5558D37ADF8944A6B4A8C50266F243022715B9@matikos1.fppartners.com> Message-ID: <2E5558D37ADF8944A6B4A8C50266F243032268E3@matikos1.fppartners.com> I've actually been trying starting the conversation with three different users, and no one receives a message when another tries to start a private conversation. Each user has the plugin enabled and has a private key generated for their respective accounts. Chris -----Original Message----- From: Paul Wouters [mailto:paul at cypherpunks.ca] Sent: Tuesday, October 23, 2007 11:47 AM To: Sturgess, Chris Cc: otr-users at lists.cypherpunks.ca Subject: Re: [OTR-users] Cannot start private conversation On Tue, 23 Oct 2007, Sturgess, Chris wrote: > I am unable to start a private conversation with another user. We are > both using Pidgin 2.2.1 with OTR 3.1.0-1 on Windows. When clicking the > OTR button, the message window says it's attempting to start the private > conversation with the user, but nothing happens afterwards. There isn't > anything of interest in debug window when clicking the button, so I'm > wondering if it's a network issue. > > > > How does OTR perform its initial handshake? Could it be one or both of > us have a port blocked that must be open? The message is just a "text message", so if you can send plaintext IM's you can send OTR messages. Does the other user see any message? Perhaps the other end did install the otr plugin, but not enable it in the plugin list? but that should show to "the other user send you an OTR mesage, click here for more information" dialog. Paul ********************************************************************** CONFIDENTIALITY: This e-mail is confidential and/or legally privileged and is intended only for the use of the individual or entity named herein. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or the taking of any action in reliance on the contents of this e-mail is strictly prohibited. In this regard, if you have received this e-mail in error, please notify us by reply e-mail immediately and then delete this message from your system. Thank you for your cooperation. ********************************************************************** From jessicahu at yahoo.com Tue Oct 23 15:38:16 2007 From: jessicahu at yahoo.com (Jessica Hu) Date: Tue, 23 Oct 2007 12:38:16 -0700 (PDT) Subject: [OTR-users] Any OTR Messaging package for BlackBerry Message-ID: <588788.27733.qm@web30205.mail.mud.yahoo.com> It seems all current OTR packages are developed for Windows, Linux and OS X. Is there any OTR package for BlackBerry? Thanks. __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From alex323 at gmail.com Tue Oct 23 17:20:14 2007 From: alex323 at gmail.com (Alex) Date: Tue, 23 Oct 2007 17:20:14 -0400 Subject: [OTR-users] Deniability Fails? Message-ID: <20071023172014.773fef3b@darwin> What if I were to carry on a private OTR conversation, and my ISP logged everything that came out of my modem? What if I had a client-server model protocol with OTR over to of it, and the government plugged directly into my server? Is all data coming out of that port then evidence? There is no way to say that someone modified the message in transit. :( -- Alex -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 827 bytes Desc: not available URL: From andreas at vollpfosten.org Tue Oct 23 17:51:09 2007 From: andreas at vollpfosten.org (Andreas Weber) Date: Tue, 23 Oct 2007 23:51:09 +0200 Subject: [OTR-users] mICQ has been renamed to climm Message-ID: <471E6CCD.6000901@vollpfosten.org> Greetings, on your homepage you mention mICQ as a client supporting OTR. It has been renamed to "climm" due to legal problems though: http://www.climm.org hth Andreas Weber -- Note: No Microsoft programs were used in the creation or distribution of this message. If you are using a Microsoft program to view this message, be forewarned that I am not responsible for any harm you may encounter as a result. From kat at paip.net Tue Oct 23 19:36:05 2007 From: kat at paip.net (Kat Hanna) Date: Tue, 23 Oct 2007 19:36:05 -0400 (EDT) Subject: [OTR-users] Any OTR Messaging package for BlackBerry In-Reply-To: <588788.27733.qm@web30205.mail.mud.yahoo.com> References: <588788.27733.qm@web30205.mail.mud.yahoo.com> Message-ID: Unfortunately, no. I, for one, would love to see someone step up and do it, though. :-) On Tue, 23 Oct 2007, Jessica Hu wrote: > It seems all current OTR packages are developed for Windows, Linux and OS X. Is there any OTR package for BlackBerry? Thanks. > > > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com > > _______________________________________________ > OTR-users mailing list > OTR-users at lists.cypherpunks.ca > http://lists.cypherpunks.ca/mailman/listinfo/otr-users > From paul at cypherpunks.ca Tue Oct 23 23:43:04 2007 From: paul at cypherpunks.ca (Paul Wouters) Date: Tue, 23 Oct 2007 23:43:04 -0400 (EDT) Subject: [OTR-users] Any OTR Messaging package for BlackBerry In-Reply-To: <588788.27733.qm@web30205.mail.mud.yahoo.com> References: <588788.27733.qm@web30205.mail.mud.yahoo.com> Message-ID: On Tue, 23 Oct 2007, Jessica Hu wrote: > It seems all current OTR packages are developed for Windows, Linux and OS X. Is there any OTR package for BlackBerry? Thanks. That would be cool. And one for Windows Mobile too :) Though wasn't blackberry so well encrypted, that all semi professional petty thieves were using it to encrypt their messaging? Though I guess the BES owner would still be able to decrypt it all. I wonder if a port to Java/JME would be the best way to get to these platforms. Paul From paul at cypherpunks.ca Tue Oct 23 23:46:50 2007 From: paul at cypherpunks.ca (Paul Wouters) Date: Tue, 23 Oct 2007 23:46:50 -0400 (EDT) Subject: [OTR-users] Deniability Fails? In-Reply-To: <20071023172014.773fef3b@darwin> References: <20071023172014.773fef3b@darwin> Message-ID: On Tue, 23 Oct 2007, Alex wrote: > What if I were to carry on a private OTR conversation, and my ISP > logged everything that came out of my modem? > > What if I had a client-server model protocol with OTR over to of it, > and the government plugged directly into my server? Is all data coming > out of that port then evidence? There is no way to say that someone > modified the message in transit. :( With full traffic analyses, that would indeed be hard. But it would be easy to generate encrypted traffic that they wouldn't be able to tell if it was IM traffic or not, leaving the way open again that someone else said it instead of you. Eg using tor or some VPN tunnel to the other end of the world. Really, when you're in front of a judge, and the other party presents all the decrypted IM messages, don't count on saying "it could have been forged", regardless of whether all your internet traffic was tapped or not. Judges don't like technology games at all. Paul From klhrevolution at yahoo.com Fri Oct 26 22:56:32 2007 From: klhrevolution at yahoo.com (Ken Hensley) Date: Fri, 26 Oct 2007 19:56:32 -0700 (PDT) Subject: [OTR-users] OTR Request (Message Notification) Message-ID: <550596.4217.qm@web45616.mail.sp1.yahoo.com> Sometimes I'm online and others on the buddy list are not... So the messages I send they will not be able to read & vice-versa. Any chance of implementing this into otr if it is possible ? __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From paul at cypherpunks.ca Sun Oct 28 11:21:24 2007 From: paul at cypherpunks.ca (Paul Wouters) Date: Sun, 28 Oct 2007 11:21:24 -0400 (EDT) Subject: [OTR-users] OTR Request (Message Notification) In-Reply-To: <550596.4217.qm@web45616.mail.sp1.yahoo.com> References: <550596.4217.qm@web45616.mail.sp1.yahoo.com> Message-ID: On Fri, 26 Oct 2007, Ken Hensley wrote: > Sometimes I'm online and others on the buddy list are > not... So the messages I send they will not be able to > read & vice-versa. > > Any chance of implementing this into otr if it is > possible ? There are two reasons for them not being on the list. Either they are really offline, or they have a temporary network issue. If they are really offline, then you cannot talk to them with OTR. Since OTR requires communication back and forth. You cannot work around it because an attacker could then make it appear to you the other user was online (and for example you would be using the same key for all messaes instead of a new key). If the user has a glidge, and comes back online, you should be able to automatically resume the conversation. With your last message or two being resend. Paul From rmeden at gmail.com Mon Oct 29 11:29:49 2007 From: rmeden at gmail.com (Robert Eden) Date: Mon, 29 Oct 2007 10:29:49 -0500 Subject: [OTR-users] Re: automatic end-private on logoff? In-Reply-To: References: Message-ID: use OTR on Pidgin for AIM. If I'm in a private conversation with someone and user #1 logs off, #2 still thinks the conversation is private. If #2 sends a message, AIM Mobile sends "junk" to my cell phone, instead of clear text. If #1 logs on from another computer, the first message is lost, but then OTR resyncs with the new private key. (new computer also has OTR). I think OTR should automatically "end-private-conversation" when a log off message is received. What do others think? Robert -------------- next part -------------- An HTML attachment was scrubbed... URL: From paul at cypherpunks.ca Mon Oct 29 14:32:27 2007 From: paul at cypherpunks.ca (Paul Wouters) Date: Mon, 29 Oct 2007 14:32:27 -0400 (EDT) Subject: [OTR-users] Re: automatic end-private on logoff? In-Reply-To: References: Message-ID: On Mon, 29 Oct 2007, Robert Eden wrote: > If I'm in a private conversation with someone and user #1 logs off, #2 > still thinks the conversation is private. > > If #2 sends a message, AIM Mobile sends "junk" to my cell phone, instead of > clear text. > If #1 logs on from another computer, the first message is lost, but then > OTR resyncs with the new private key. (new computer also has OTR). > > I think OTR should automatically "end-private-conversation" when a log off > message is received. What do others think? A) Some logoffs hapen without sending a message (network disconnect) B) no clear text may ever flow if we expect crypted. C) there is no security on "log off" message, so an attacker could try and force you to disable crypto. The proper way to "log off" is to select "end private conversation", which does what you edpect it to do. I am unsure why this is not done when one actively sends a "log off" (go offline) with pidgin. Ian? Paul From rmeden at gmail.com Mon Oct 29 14:51:47 2007 From: rmeden at gmail.com (Robert Eden) Date: Mon, 29 Oct 2007 13:51:47 -0500 Subject: [OTR-users] Re: automatic end-private on logoff? In-Reply-To: References: Message-ID: <47262BC3.6000602@gmail.com> On 10/29/2007 1:32 PM, Paul Wouters wrote: > On Mon, 29 Oct 2007, Robert Eden wrote >> If I'm in a private conversation with someone and user #1 logs off, #2 >> still thinks the conversation is private. >> >> If #2 sends a message, AIM Mobile sends "junk" to my cell phone, instead of >> clear text. >> If #1 logs on from another computer, the first message is lost, but then >> OTR resyncs with the new private key. (new computer also has OTR). >> >> I think OTR should automatically "end-private-conversation" when a log off >> message is received. What do others think? >> > > A) Some logoffs hapen without sending a message (network disconnect) > B) no clear text may ever flow if we expect crypted. > C) there is no security on "log off" message, so an attacker could try > and force you to disable crypto. > > The proper way to "log off" is to select "end private conversation", which > does what you edpect it to do. I am unsure why this is not done when one > actively sends a "log off" (go offline) with pidgin. Ian? > > Paul > Well, the disconnected side is already gone.. the problem is the side that stays up. I can see the problem with faking a logoff message. Does Pidgin provide that sort of thing separate from the message stream? If it does, auto end-conversation would be a nice feature. If it doesn't, I agree that it's not worth the security risk. Robert From perrin at apotheon.com Mon Oct 29 17:06:46 2007 From: perrin at apotheon.com (Chad Perrin) Date: Mon, 29 Oct 2007 15:06:46 -0600 Subject: [OTR-users] Re: automatic end-private on logoff? In-Reply-To: <47262BC3.6000602@gmail.com> References: <47262BC3.6000602@gmail.com> Message-ID: <20071029210646.GA85769@demeter.hydra> On Mon, Oct 29, 2007 at 01:51:47PM -0500, Robert Eden wrote: > On 10/29/2007 1:32 PM, Paul Wouters wrote: > > > >A) Some logoffs hapen without sending a message (network disconnect) > >B) no clear text may ever flow if we expect crypted. > >C) there is no security on "log off" message, so an attacker could try > > and force you to disable crypto. > > > >The proper way to "log off" is to select "end private conversation", which > >does what you edpect it to do. I am unsure why this is not done when one > >actively sends a "log off" (go offline) with pidgin. Ian? > > > Well, the disconnected side is already gone.. the problem is the side > that stays up. I can see the problem with faking a logoff message. > Does Pidgin provide that sort of thing separate from the message > stream? If it does, auto end-conversation would be a nice feature. If > it doesn't, I agree that it's not worth the security risk. Is there any reason this can't be handled in part on the side that doesn't have the problem? For instance: Foo and Bar are talking to one another in a "private" conversation. Foo loses its connection, then reconnects. Bar, unaware that Foo had a momentary network hiccup, blithely sends its next encrypted message. Foo receives the message and goes "Woah, this is encrypted." Foo contacts Bar, saying "Hey, you, reconnect with me to start a new private conversation." Bar responds, saying "Holy cow, didn't realize you dropped off. Here's the reconnect stuff. How many encrypted messages did you receive after reconnecting?" Foo says "One that I've noticed." Bar resends it. Voila, everyone's happy. Obviously, this is a very high-level view of a re-handshake approach, and would require the clients to be able to recognize the difference between encrypted and unencrypted messages. -- CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ] John Kenneth Galbraith: "If all else fails, immortality can always be assured through spectacular error." From ian at cypherpunks.ca Mon Oct 29 18:12:13 2007 From: ian at cypherpunks.ca (Ian Goldberg) Date: Mon, 29 Oct 2007 18:12:13 -0400 Subject: [OTR-users] Re: automatic end-private on logoff? In-Reply-To: <20071029210646.GA85769@demeter.hydra> References: <47262BC3.6000602@gmail.com> <20071029210646.GA85769@demeter.hydra> Message-ID: <20071029221213.GS6268@yoink.cs.uwaterloo.ca> On Mon, Oct 29, 2007 at 03:06:46PM -0600, Chad Perrin wrote: > Is there any reason this can't be handled in part on the side that > doesn't have the problem? For instance: > > Foo and Bar are talking to one another in a "private" conversation. > > Foo loses its connection, then reconnects. > > Bar, unaware that Foo had a momentary network hiccup, blithely sends > its next encrypted message. > > Foo receives the message and goes "Woah, this is encrypted." > > Foo contacts Bar, saying "Hey, you, reconnect with me to start a new > private conversation." > > Bar responds, saying "Holy cow, didn't realize you dropped off. Here's > the reconnect stuff. How many encrypted messages did you receive after > reconnecting?" > > Foo says "One that I've noticed." > > Bar resends it. > > Voila, everyone's happy. Obviously, this is a very high-level view of a > re-handshake approach, and would require the clients to be able to > recognize the difference between encrypted and unencrypted messages. That's pretty much exactly what happens now, except that there's no "count"; clients only remember the last message they sent. As to having pidgin send the FINISHED message when the user chooses "Log off": that's perfectly sensible. It currently does it when the user chooses "Quit". It's just that no one's ever asked for this before. - Ian From perrin at apotheon.com Mon Oct 29 18:54:13 2007 From: perrin at apotheon.com (Chad Perrin) Date: Mon, 29 Oct 2007 16:54:13 -0600 Subject: [OTR-users] Re: automatic end-private on logoff? In-Reply-To: <20071029221213.GS6268@yoink.cs.uwaterloo.ca> References: <47262BC3.6000602@gmail.com> <20071029210646.GA85769@demeter.hydra> <20071029221213.GS6268@yoink.cs.uwaterloo.ca> Message-ID: <20071029225413.GA86888@demeter.hydra> On Mon, Oct 29, 2007 at 06:12:13PM -0400, Ian Goldberg wrote: > On Mon, Oct 29, 2007 at 03:06:46PM -0600, Chad Perrin wrote: > > > > Voila, everyone's happy. Obviously, this is a very high-level view of a > > re-handshake approach, and would require the clients to be able to > > recognize the difference between encrypted and unencrypted messages. > > That's pretty much exactly what happens now, except that there's no > "count"; clients only remember the last message they sent. > > As to having pidgin send the FINISHED message when the user chooses "Log > off": that's perfectly sensible. It currently does it when the user > chooses "Quit". It's just that no one's ever asked for this before. Was the problem in this case confined to use of a mobile client later, then? I thought there was some kind of problem indicated with the desktop client that had the OTR plugin, too -- though I suppose I may have misread the complaint. -- CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ] Brian K. Reid: "In computer science, we stand on each other's feet." From mail at scottellis.com.au Mon Oct 29 19:01:40 2007 From: mail at scottellis.com.au (Scott Ellis) Date: Tue, 30 Oct 2007 10:01:40 +1100 Subject: [OTR-users] Re: automatic end-private on logoff? In-Reply-To: <20071029225413.GA86888@demeter.hydra> References: <47262BC3.6000602@gmail.com> <20071029210646.GA85769@demeter.hydra> <20071029221213.GS6268@yoink.cs.uwaterloo.ca> <20071029225413.GA86888@demeter.hydra> Message-ID: <96e269140710291601i751e5ab8se88da628d8ba529c@mail.gmail.com> FYI - i've added three related options to the miranda plugin that users seem to appreciate: an option to end sessions when the other end goes offline (switch to FINISHED state), an option to end sessions when the message window is closed (also switch to FINISHED) and a third option (with a warning) to timeout finished sessions back to the PLAINTEXT state after a certain amount of time. this can introduce some incompatibilities, but there's no way to get miranda to send a message before a protocol goes offline locally to terminate sessions 'properly'. -------------- next part -------------- An HTML attachment was scrubbed... URL: From rmeden at gmail.com Mon Oct 29 21:25:10 2007 From: rmeden at gmail.com (Robert Eden) Date: Mon, 29 Oct 2007 20:25:10 -0500 Subject: [OTR-users] Re: automatic end-private on logoff? In-Reply-To: <96e269140710291601i751e5ab8se88da628d8ba529c@mail.gmail.com> References: <47262BC3.6000602@gmail.com> <20071029210646.GA85769@demeter.hydra> <20071029221213.GS6268@yoink.cs.uwaterloo.ca> <20071029225413.GA86888@demeter.hydra> <96e269140710291601i751e5ab8se88da628d8ba529c@mail.gmail.com> Message-ID: On 10/29/07, Scott Ellis wrote: > > FYI - i've added three related options to the miranda plugin that users > seem to appreciate: an option to end sessions when the other end goes > offline (switch to FINISHED state), an option to end sessions when the > message window is closed (also switch to FINISHED) and a third option (with > a warning) to timeout finished sessions back to the PLAINTEXT state after a > certain amount of time. this can introduce some incompatibilities, but > there's no way to get miranda to send a message before a protocol goes > offline locally to terminate sessions 'properly'. > If those options could be added to the pidgin plugin that would be perfect. (send a FINISH request on exit) Robert -------------- next part -------------- An HTML attachment was scrubbed... URL: From paul at cypherpunks.ca Tue Oct 30 19:00:20 2007 From: paul at cypherpunks.ca (Paul Wouters) Date: Tue, 30 Oct 2007 19:00:20 -0400 (EDT) Subject: [OTR-users] Re: automatic end-private on logoff? In-Reply-To: <20071029210646.GA85769@demeter.hydra> References: <47262BC3.6000602@gmail.com> <20071029210646.GA85769@demeter.hydra> Message-ID: On Mon, 29 Oct 2007, Chad Perrin wrote: > Is there any reason this can't be handled in part on the side that > doesn't have the problem? For instance: [...] > Bar responds, saying "Holy cow, didn't realize you dropped off. Here's > the reconnect stuff. How many encrypted messages did you receive after > reconnecting?" It already is, but you cannot ask "how many messages did you miss". Protocols like Jabber also can store a few messages on the server. Paul From paul at cypherpunks.ca Tue Oct 30 19:03:38 2007 From: paul at cypherpunks.ca (Paul Wouters) Date: Tue, 30 Oct 2007 19:03:38 -0400 (EDT) Subject: [OTR-users] Re: automatic end-private on logoff? In-Reply-To: References: <47262BC3.6000602@gmail.com> <20071029210646.GA85769@demeter.hydra> <20071029221213.GS6268@yoink.cs.uwaterloo.ca> <20071029225413.GA86888@demeter.hydra> <96e269140710291601i751e5ab8se88da628d8ba529c@mail.gmail.com> Message-ID: On Mon, 29 Oct 2007, Robert Eden wrote: > > FYI - i've added three related options to the miranda plugin that users > > seem to appreciate: an option to end sessions when the other end goes > > offline (switch to FINISHED state), an option to end sessions when the > > message window is closed (also switch to FINISHED) and a third option (with > > a warning) to timeout finished sessions back to the PLAINTEXT state after a > > certain amount of time. this can introduce some incompatibilities, but > > there's no way to get miranda to send a message before a protocol goes > > offline locally to terminate sessions 'properly'. > > > > If those options could be added to the pidgin plugin that would be perfect. > (send a FINISH request on exit) That is leaking information though, if the settings for the remote user is "opportunistic". So, i am typing something to remote user, who then just before i hit return pops offline. If my client then automatically goes into FINISHED state, just before I hit return, I just leaked a cleartext message! Paul From rmeden at gmail.com Tue Oct 30 19:30:19 2007 From: rmeden at gmail.com (Robert Eden) Date: Tue, 30 Oct 2007 18:30:19 -0500 Subject: [OTR-users] Re: automatic end-private on logoff? In-Reply-To: References: <47262BC3.6000602@gmail.com> <20071029210646.GA85769@demeter.hydra> <20071029221213.GS6268@yoink.cs.uwaterloo.ca> <20071029225413.GA86888@demeter.hydra> <96e269140710291601i751e5ab8se88da628d8ba529c@mail.gmail.com> Message-ID: <4727BE8B.1070700@gmail.com> On 10/30/2007 6:03 PM, Paul Wouters wrote: > So, i am typing something to remote user, who then just before i hit return > pops offline. If my client then automatically goes into FINISHED state, just > before I hit return, I just leaked a cleartext message! > How is that different from the remote user clicking "End Private Conversation" before you hit return? I don't think most folks would care, but I see nothing wrong with an optional pop-up dialog that says "Joe has ended your private conversation" Robert From mail at scottellis.com.au Tue Oct 30 22:45:38 2007 From: mail at scottellis.com.au (Scott Ellis) Date: Wed, 31 Oct 2007 13:45:38 +1100 Subject: [OTR-users] Re: automatic end-private on logoff? In-Reply-To: References: <47262BC3.6000602@gmail.com> <20071029210646.GA85769@demeter.hydra> <20071029221213.GS6268@yoink.cs.uwaterloo.ca> <20071029225413.GA86888@demeter.hydra> <96e269140710291601i751e5ab8se88da628d8ba529c@mail.gmail.com> Message-ID: <96e269140710301945r139c2a12of36bae8ac07e4107@mail.gmail.com> On 10/31/07, Paul Wouters wrote: > > On Mon, 29 Oct 2007, Robert Eden wrote: > > > > FYI - i've added three related options to the miranda plugin that > users > > > seem to appreciate: an option to end sessions when the other end goes > > > offline (switch to FINISHED state), an option to end sessions when the > > > message window is closed (also switch to FINISHED) and a third option > (with > > > a warning) to timeout finished sessions back to the PLAINTEXT state > after a > > > certain amount of time. this can introduce some incompatibilities, but > > > there's no way to get miranda to send a message before a protocol goes > > > offline locally to terminate sessions 'properly'. > > > > > > > If those options could be added to the pidgin plugin that would be > perfect. > > (send a FINISH request on exit) > > That is leaking information though, if the settings for the remote user is > "opportunistic". > > So, i am typing something to remote user, who then just before i hit > return > pops offline. If my client then automatically goes into FINISHED state, > just > before I hit return, I just leaked a cleartext message! > > Paul It doesn't send messages in the FINISHED state - you mean the PLAINTEXT state. That's why it doesn't change to PLAINTEXT immediately - it has a cocnfigurable timeout, and shows the usual message(s) regarding the initial switch to the FINISHED state. -------------- next part -------------- An HTML attachment was scrubbed... URL: From paul at cypherpunks.ca Wed Oct 31 11:19:48 2007 From: paul at cypherpunks.ca (Paul Wouters) Date: Wed, 31 Oct 2007 11:19:48 -0400 (EDT) Subject: [OTR-users] Re: automatic end-private on logoff? In-Reply-To: <4727BE8B.1070700@gmail.com> References: <47262BC3.6000602@gmail.com> <20071029210646.GA85769@demeter.hydra> <20071029221213.GS6268@yoink.cs.uwaterloo.ca> <20071029225413.GA86888@demeter.hydra> <96e269140710291601i751e5ab8se88da628d8ba529c@mail.gmail.com> <4727BE8B.1070700@gmail.com> Message-ID: On Tue, 30 Oct 2007, Robert Eden wrote: > On 10/30/2007 6:03 PM, Paul Wouters wrote: > > So, i am typing something to remote user, who then just before i hit return > > pops offline. If my client then automatically goes into FINISHED state, just > > before I hit return, I just leaked a cleartext message! > > > How is that different from the remote user clicking "End Private Conversation" > before you hit return? Because *I* am still in private state, and hitting return will not allow me to send that message cleartext. I either have to "Restart" or "end" explicitely. > I don't think most folks would care, but I see nothing wrong with an optional > pop-up dialog that says "Joe has ended your private conversation" No popups. they don't scale if the majority of users on your IM list uses otr Paul From perrin at apotheon.com Wed Oct 31 13:41:04 2007 From: perrin at apotheon.com (Chad Perrin) Date: Wed, 31 Oct 2007 11:41:04 -0600 Subject: [OTR-users] Re: automatic end-private on logoff? In-Reply-To: <4727BE8B.1070700@gmail.com> References: <47262BC3.6000602@gmail.com> <20071029210646.GA85769@demeter.hydra> <20071029221213.GS6268@yoink.cs.uwaterloo.ca> <20071029225413.GA86888@demeter.hydra> <96e269140710291601i751e5ab8se88da628d8ba529c@mail.gmail.com> <4727BE8B.1070700@gmail.com> Message-ID: <20071031174104.GA96611@demeter.hydra> On Tue, Oct 30, 2007 at 06:30:19PM -0500, Robert Eden wrote: > On 10/30/2007 6:03 PM, Paul Wouters wrote: > >So, i am typing something to remote user, who then just before i hit return > >pops offline. If my client then automatically goes into FINISHED state, > >just > >before I hit return, I just leaked a cleartext message! > > > How is that different from the remote user clicking "End Private > Conversation" before you hit return? > > I don't think most folks would care, but I see nothing wrong with an > optional pop-up dialog that says "Joe has ended your private conversation" I'd prefer inline notification, personally. Pop-ups suck. -- CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ] Kent Beck: "I always knew that one day Smalltalk would replace Java. I just didn't know it would be called Ruby."