[OTR-dev] handling jabber resources

Paul Wouters paul at cypherpunks.ca
Thu Dec 23 12:21:46 EST 2004

On Thu, 23 Dec 2004, Greg Troxel wrote:

> On computer A, I am able to OTR with party P using jabber.
> On computer B, I log on to jabber with a different resource.
> P's computer (same one) perceives, I think, that the OTR key is still
> valid, and thus sends a message encrypted.

What's a 'resource'? We have tested the plugin using the same account,
but after each other, on different machines, with one not running otr,
and it does fall back to cleartext. At least it did a few versions ago.

> bug 1 is that the key exchange should be bound to the 'resource',
> since it can't be used with other computers.

If you are using the same IM account, then I'm not entirely sure the
other party can detect you switched machines (and now lack a plugin)
until after the message comes back. If you use a different account,
then there is absolutely no relationship, other then that the same
human is using a computer, to which I hope gaim-otr has no control yet :)

> bug 2 is that after getting
> The encrypted message received from [redacted] is unreadable, as you
> are not currently communicating privately.
> and doing key exchange, this didn't get resent.  It should have gotten
> an OTR nak of some sort from my client, which was OTR enabled.

So you have two machines with OTR, and change from one to the other
account with a different session key, this should be picked up, but
we can retest this.


More information about the OTR-dev mailing list