[OTR-dev] Flaw in OTR Protocol (with workaround!)
Evan Schoenberg
evan.s at dreskin.net
Mon Aug 8 12:01:06 EDT 2005
On Aug 8, 2005, at 9:05 AM, Greg Troxel wrote:
> I presume that in Adium one can enable/disable OTR (much like the
> plugin in gaim)
>
You could set the policy to Never and not click the OTR button. You
can't disable it.
> and that when enabled it does opportunistic
> exchanges.
>
The default is equivalent to the Manual policy. You can set it to be
opportunistic...
> It would be nice to be able to set per-user OTR policy to
> require or opportunistic or none, so that the one can enable OTR in
> general and then turn off opportunistic for those correspondents that
> don't like it.
>
You can.
> I agree that the current send-with-old-key, get nack, KEX, resend
> behavior does much the same as what I'm asking for, but
>
> a) it shows the user 'unreadable message received'
>
> b) it results in sent but unreadable messages for machines that should
> have been private/broken but are offline.
>
>
Right -- decidedly confusing for most users, and avoidable as we
discussed previously, I think.
-Evan
> Ian: thanks for putting that fix into cvs.
>
>
>
> --
> Greg Troxel <gdt at ir.bbn.com>
>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
URL: <http://lists.cypherpunks.ca/pipermail/otr-dev/attachments/20050808/57ff0062/attachment.pgp>
More information about the OTR-dev
mailing list