[OTR-dev] buglet in otrproxy?

Ian Goldberg ian at cypherpunks.ca
Thu Feb 3 09:40:13 EST 2005

On Thu, Feb 03, 2005 at 03:25:08PM +0100, Paul Wouters wrote:
> Hmm. Would it make sense to send some kind of authenticated "remote party
> accepted fingerprint'? Or is this impossible on the same channel risking a

Until the other side accepts your fingerprint, there can't be a key
exchange, and so there's can't be an authenticated channel.

> But yeah, I guess you shouldn't cache packets in this case, to prevent
> sending them to a MITM.

If we *do* cache packets, it'd be on the receiver's end, I think.

   - Ian

More information about the OTR-dev mailing list