[OTR-dev] Flaw in OTR Protocol (with workaround!)

Greg Troxel gdt at ir.bbn.com
Thu Aug 4 08:19:02 EDT 2005

Also, I should say thanks for all your work on OTR - I use it daily.

I just changed the per-user policy for one correspondent and on typing
a message got the policy violation popup.  Then I got an 'established'
popup (I had previously accepted public key fingerprint).  I'd prefer
to see these inline, as I don't consider them error cases.  At least
I'd like the first popup to be changed to show the exchange complete,
rather than leaving two.

This is exactly the behavior (modulo popup/inline issues) I'd like to
see for Private/Broken.  Essentially Private/Broken would force
"require OTR" policy.

(One could even wonder about starting key exchange when typing begins,
but that's a separate issue.)

        Greg Troxel <gdt at ir.bbn.com>

More information about the OTR-dev mailing list