[OTR-users] Request: Pidgin plugin should request refresh if other user offline

Matthias Andree matthias.andree at gmx.de
Sun Apr 25 06:30:32 EDT 2010


On Sat, 24 Apr 2010, Ian Goldberg wrote:

> On Sat, Apr 24, 2010 at 12:54:37PM +0200, Matthias Andree wrote:
> > Here's the situation:
> >
> > 0. Linux Pidgin with 3.2.0 otr plugin on either end, using Jabber.
> >
> > 1. Users Alice and Bob negotiate a secure connection and chat for a while.
> > 2. Bob logs off
> > 3. Alice sends a message, which gets encrypted because of (1)
> > 4. Bob logs on from a different machine and sees there was an encrypted
> > message he couldn't decrypt.
> > => boom.
> >
> > I think I recall that under such circumstances, the overall setup at one
> > point used to automatically retransmit Alice's message after
> > re-negotiating the encryption, but this doesn't happen here.
> >
> > Proposal: the plugin should tell Alice that Bob has disconnected and she
> > should terminate the private conversation and re-establish it.
> 
> Hmm.  That's supposed to be what happens now.  When Bob logs off in step
> 2, his pidgin is supposed to send messages to all of his OTR
> conversations informing the other side that he's disconnected.  That's
> when Alice should see the "Bob has terminated his OTR conversation; you
> should do the same" message, and Alice's side switches to Finished.

That part works.

> Now if Bob *crashes* in step 2, I agree that the offline-stored message
> Alice sends in step 3 won't be readable by Bob if Bob has discarded his
> session.  That's the intended behaviour.

It may be the intended behavior with the protocol, but assume Alice is
really Aunt Tille, holds no MSc in Computer Science, and cannot be
bothered to remember that there is a difference between Bob finishing
the conversation and Bob logging off.

Can the OTR plugin notice that the chat partner has gone offline? If so,
that should also "Finish" the OTR conversation, or, if that is not
desirable, it should at least happen if Alice goes idle. Renegotiating
the keys after Alice went shopping for two hours would not hurt, would
it?

I understand that we do not want to send unencrypted messages in such
cases without warning. But "mandatory OTR" might allow us to at least
make sending messages impossible if Bob is offline.  Whether Bob cannot
decode or Alice cannot send, I'd clearly prefer the latter case.

Thanks for listening
Matthias
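
The behaviour discussed in this message, as an added example that is not part of the original post or of the OTR plugin's code: a small C model of Alice's side showing what happens to her step-3 message after a clean logoff, after a crash with the current behaviour, and after a crash with the proposed "finish when the peer goes offline" policy. All type, field and function names are hypothetical and local to this sketch.

```c
#include <stdbool.h>
#include <stdio.h>

/* Local model of the three OTR message states (names are this sketch's own). */
typedef enum { MSG_PLAINTEXT, MSG_ENCRYPTED, MSG_FINISHED } msgstate_t;
typedef enum { SEND_CLEARTEXT, SEND_ENCRYPTED, SEND_REFUSED } send_result_t;

typedef struct {
    msgstate_t state;
    bool finish_on_offline; /* hypothetical policy: presence loss ends the session */
    bool require_otr;       /* hypothetical "mandatory OTR" setting */
} conv_t;

/* Clean logoff: the peer's client announces that it ended the session. */
static void on_disconnect_notice(conv_t *c) {
    if (c->state == MSG_ENCRYPTED) c->state = MSG_FINISHED;
}

/* Crash or network loss: only the server's presence update arrives. */
static void on_peer_offline(conv_t *c) {
    if (c->finish_on_offline && c->state == MSG_ENCRYPTED) c->state = MSG_FINISHED;
}

/* What happens to the next outgoing message in each state. */
static send_result_t try_send(const conv_t *c) {
    if (c->state == MSG_ENCRYPTED) return SEND_ENCRYPTED; /* old session keys */
    if (c->state == MSG_FINISHED) return SEND_REFUSED;    /* user must end or refresh */
    return c->require_otr ? SEND_REFUSED : SEND_CLEARTEXT;
}

/* Steps 1-3 of the scenario; returns the fate of Alice's step-3 message. */
send_result_t alice_sends_after_bob_leaves(bool clean_logoff, bool finish_on_offline) {
    conv_t alice = { MSG_ENCRYPTED, finish_on_offline, true };
    if (clean_logoff) on_disconnect_notice(&alice);
    on_peer_offline(&alice);
    return try_send(&alice);
}

int main(void) {
    static const char *names[] = { "cleartext", "encrypted", "refused" };
    printf("clean logoff:             %s\n", names[alice_sends_after_bob_leaves(true, false)]);
    printf("crash, current behaviour: %s\n", names[alice_sends_after_bob_leaves(false, false)]);
    printf("crash, finish-on-offline: %s\n", names[alice_sends_after_bob_leaves(false, true)]);
    return 0;
}
```

The "encrypted" result in the crash case is the message Bob cannot read once he has discarded his session; the other two cases stop Alice before anything is sent.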


