[OTR-users] Does OTR cache authentication questions?

Lachezar Dobrev l.dobrev at gmail.com
Tue Sep 10 09:24:20 EDT 2013


  GTalk/Hangouts has made a dubious change, where even if you log-out
you're still on-line with a MessagingA×××× resource (permanent
Non-Available state), and messages sent to that user may be received
by Google's servers when the user is not connected, supposedly for
delivery when the user reconnects.

  I have had several cases where I would chat with a peer of mine, and
out-of-the-blue he would receive a message I sent to him a few days
back when he was off-line.

  Occasionally my peers complain about not being able to read OTR
messages, because there is no active OTR session, but the OTR messages
are received very late. The problem is even more confusing if we have
re-established a new OTR session, and start receiving OTR messages
from a previous session.

  To avoid the confusion I explicitly check the XMPP Resource of the
peer before writing to him. This is not easily achieved with peers
that have an unstable Internet connection.

  I'm risking banishment, but I'd avoid Google Talk/Hangouts.


2013/9/10 Ian Goldberg <ian at cypherpunks.ca>:
> On Tue, Sep 10, 2013 at 01:24:08PM +0200, Pete Stephenson wrote:
>> On Tue, Sep 10, 2013 at 12:54 PM, Lachezar Dobrev <l.dobrev at gmail.com> wrote:
>> >   Are you by any chance using Google Talk (now Hangouts)?
>>
>> Indeed I am. We're both using Google Talk and XMPP.
>>
>> I apologize for not mentioning that earlier.
>>
>> >   AFAIK OTR uses the IM's communication channel to send and receive
>> > peer authentication in specially formatted messages.
>> >   With the recent changes in Google Talk I've had numerous occasions
>> > where messages I sent to my contacts got stalled, and not resent until
>> > my peers started using different client/device, sometimes with a week
>> > of delay. That might be an underlying cause of your problem.
>>
>> Interesting. That sounds precisely like what's going on. It sounds
>> like this is an issue with Google Talk and not OTR. My apologies for
>> the noise.
>>
>> Do OTR messages include a timestamp? I was thinking that it might be
>> good for OTR to silently drop authentication requests that arrive
>> after a sufficiently-long delay (e.g. >1 week) rather than attempt to
>> interpret them.
>>
>> Thanks for the prompt response.
>
> I would normally expect the session keys to have changed by then, and so
> the (long-delayed) message should have become unreadable by your buddy?
> Or is it the case that right after you originally sent the auth
> request, you stopped chatting for a week (but kept your IM clients
> open)?  Was this with pidgin-otr 4 on both sides?
>
> Thanks,
>
>    - Ian
> _______________________________________________
> OTR-users mailing list
> OTR-users at lists.cypherpunks.ca
> http://lists.cypherpunks.ca/mailman/listinfo/otr-users
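
The late-delivery check discussed in this thread, sketched at the XMPP layer as an added example (not code from the thread, pidgin-otr or libotr). It assumes the server marks stored messages with an XEP-0203 `<delay/>` stamp, which the thread does not confirm for Google Talk; `classify`, `sample`, the addresses and the 7-day cut-off are hypothetical names and values.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

DELAY = "{urn:xmpp:delay}delay"   # XEP-0203 element a server adds to stored messages
BODY = "{jabber:client}body"
MAX_AGE = timedelta(days=7)       # assumed cut-off, taken from the ">1 week" idea

def classify(stanza_xml, now, session_started):
    """Label one <message/> stanza: not-otr, live, delayed-current,
    stale-session (stored before the current OTR session began) or too-old."""
    msg = ET.fromstring(stanza_xml)
    body = msg.findtext(BODY) or ""
    if not body.startswith("?OTR"):          # OTR-encoded bodies start with "?OTR"
        return "not-otr"
    delay = msg.find(DELAY)
    stamp = delay.get("stamp") if delay is not None else None
    if not stamp:
        return "live"                        # no delay stamp on the stanza
    sent = datetime.fromisoformat(stamp.replace("Z", "+00:00"))
    if sent.tzinfo is None:                  # treat a zone-less stamp as UTC
        sent = sent.replace(tzinfo=timezone.utc)
    if now - sent > MAX_AGE:
        return "too-old"
    if sent < session_started:
        return "stale-session"
    return "delayed-current"

def sample(body, stamp=None):
    """Build a constructed stanza for the demo; addresses are placeholders."""
    delay = f"<delay xmlns='urn:xmpp:delay' stamp='{stamp}'/>" if stamp else ""
    return (f"<message xmlns='jabber:client' from='peer@example.org/home' "
            f"to='me@example.org/desk'><body>{body}</body>{delay}</message>")

# Constructed clock values: "now" and the start of the current OTR session.
NOW = datetime(2013, 9, 10, 13, 24, 20, tzinfo=timezone.utc)
SESSION_STARTED = datetime(2013, 9, 10, 12, 0, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    for body, stamp in [("?OTR:constructed-payload.", "2013-09-01T09:00:00Z"),
                        ("?OTR:constructed-payload.", "2013-09-08T09:00:00Z"),
                        ("?OTR:constructed-payload.", None),
                        ("plain text", "2013-09-08T09:00:00Z")]:
        print(stamp, classify(sample(body, stamp), NOW, SESSION_STARTED))
```

The delay stamp is written by the server and sits outside the OTR-protected payload, so it is suitable for suppressing confusing "unreadable message" notices but not as an authenticated timestamp.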


