[OTR-dev] Secure connections through a connect/disconnect cycle, OTR error messages

Evan Schoenberg evan.s at dreskin.net
Wed Jan 26 11:30:53 EST 2005


I agree 100%.  It would be disastrous for a client to bring you from 
encrypted to unencrypted automatically.

I was just wondering if a message... which protocol specs say no client 
should act on other than to present the information to the other side... 
could be sent, such that if my friend clicks "end encrypted chat" I 
immediately see an OTR message in my chat informing me that the remote 
side has requested to end the OTR chat.  No action is taken, but I am 
informed so I can either stop chatting with the person (since they 
won't see my messages) or cancel encryption myself (at which point we 
will be able to chat in plaintext) or contact my friend in some other 
manner to ask him to turn encryption back on.

-Evan

On Jan 26, 2005, at 9:07 AM, Ian Goldberg wrote:

> No, and that's quite on purpose.  There should be NO WAY a network
> message can cause a session to transition from private to not private.
> If there were, you'd have to be really, really careful about whether
> that message is authentic / replayed / etc.  There's also the problem
> of: 1. user (in secure conversation) starts typing private message,
> 2. other side ends the session, sending "session ended" packet to user
> 3. User hits Enter to send his message in the (now unencrypted) 
> session.
>
> It's really important that the user have to take non-trivial action to
> leave a private conversation.



