[OTR-users] Re: automatic end-private on logoff?

Paul Wouters paul at cypherpunks.ca
Mon Oct 29 14:32:27 EDT 2007


On Mon, 29 Oct 2007, Robert Eden wrote:

> If I'm in a private conversation with someone and user #1 logs off, #2
> still thinks the conversation is private.
>
> If #2 sends a message, AIM Mobile sends "junk" to my cell phone, instead of
> clear text.
> If #1 logs on from another computer, the first message is lost, but then
> OTR resyncs with the new private key. (new computer also has OTR).
>
> I think OTR should automatically "end-private-conversation" when a log off
> message is received.  What do others think?

A) Some logoffs happen without sending a message (network disconnect)
B) no clear text may ever flow if we expect crypted.
C) there is no security on "log off" message, so an attacker could try
   and force you to disable crypto.

The proper way to "log off" is to select "end private conversation", which
does what you expect it to do. I am unsure why this is not done when one
actively sends a "log off" (go offline) with pidgin. Ian?

Paul
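
The three points above, modelled as a small session state machine. This is an added example, not part of the original message and not OTR's or pidgin's code; the class, method and state names are hypothetical, and encryption is replaced by a tag on the outgoing message.

```python
from enum import Enum

class MsgState(Enum):
    PLAINTEXT = 1   # no private conversation
    ENCRYPTED = 2   # private conversation active
    FINISHED = 3    # peer ended it; nothing may be sent until the user acts

class SendRefused(Exception):
    """Raised instead of letting a message leave in clear text."""

class Session:
    def __init__(self):
        self.state = MsgState.PLAINTEXT

    def key_exchange_done(self):
        self.state = MsgState.ENCRYPTED

    def presence_offline(self):
        # Points A and C: the notice may never arrive and is not
        # authenticated, so it must not change the crypto state.
        pass

    def peer_end_private(self, authenticated):
        # Only an end-of-conversation notice that verified under the
        # session keys is honoured; a forged one is dropped.
        if authenticated and self.state is MsgState.ENCRYPTED:
            self.state = MsgState.FINISHED

    def user_end_private(self):
        self.state = MsgState.PLAINTEXT

    def send(self, text):
        if self.state is MsgState.ENCRYPTED:
            return ("encrypted", text)   # stand-in for real encryption
        if self.state is MsgState.FINISHED:
            # Point B: never fall back to clear text silently.
            raise SendRefused("peer ended the private conversation")
        return ("plaintext", text)

def demo():
    # Constructed event sequence: logoff notice, forged end, genuine end.
    s = Session()
    s.key_exchange_done()
    s.presence_offline()
    after_logoff = s.send("still private")[0]
    s.peer_end_private(authenticated=False)
    after_forgery = s.state
    s.peer_end_private(authenticated=True)
    return after_logoff, after_forgery, s.state
```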


