[OTR-users] Does OTR cache authentication questions?

[Pete Stephenson]

Hi all,

I just ran into an interesting situation with a friend of mine. We
both use OTR 4.0.0-1 for Pidgin/libpurple 2.10.7 on Windows 7 64-bit.

A month or two ago we tried authenticating using the
question-and-answer method. For some unknown reason, one particular
authentication question never made it from my system to his, so I hit
cancel. An hour or so later I tried again and the authentication
worked.

Today, my friend and I were chatting unencrypted, without OTR (he was
using a new system that had Pidgin but not OTR, while I was still
using the same system as I had been before). After a few minutes of
chatting, he installed OTR and I tried authenticating him with the
question-and-answer authentication using a different question than the
one I asked a month or two ago.

Unbeknownst to me, my friend was prompted for the undelivered question
from the session a month or so ago rather than the question I asked
during this session. Naturally, he failed the authentication attempt
since the answer to the undelivered question was different from the
answer to today's question. A second attempt today at
question-and-answer authentication worked correctly.

Does OTR cache authentication questions in case they're not delivered
by the underlying IM service?

Since we both thought this was a bug and wanted to provide a more
detailed bug report we tried replicating the situation but were unable
to successfully do so. Sorry. I suppose we could blame it on cosmic
rays or planetary alignment or something. :)

Cheers!
-Pete

-- 
Pete Stephenson