[OTR-dev] Flaw in OTR Protocol (with workaround!)
gdt at ir.bbn.com
Thu Aug 4 08:19:02 EDT 2005
Also, I should say thanks for all your work on OTR - I use it daily.
I just changed the per-user policy for one correspondent and on typing
a message got the policy violation popup. Then I got an 'established'
popup (I had previously accepted public key fingerprint). I'd prefer
to see these inline, as I don't consider them error cases. At least
I'd like the first popup to be changed to show the exchange complete,
rather than leaving two.
This is exactly the behavior (modulo popup/inline issues) I'd like to
see for Private/Broken. Essentially Private/Broken would force
"require OTR" policy.
(One could even wonder about starting key exchange when typing begins,
but that's a separate issue.)
Greg Troxel <gdt at ir.bbn.com>
More information about the OTR-dev