[OTR-dev] Secure connections through a connect/disconnect cycle, OTR error messages
Greg Troxel
gdt at ir.bbn.com
Wed Jan 26 12:52:15 EST 2005
Fine, but that confuses two things:
not wanting to send data in cleartext, unless user is really clear
that this is happening (agree 100%)
Knowing that the current OTR context you have with the other party
(probably) won't work any more.
I find that the current behavior doesn't meet either goal.
I'd like to see an OTR handshake start if the other party has a
fingerprint on record as soon as I start typing, and perhaps require
some explicit action to enable sending cleartext. Perhaps this is
per-correspondent state of 'require encryption'.
An OTR crypto context that is old (15 minutes?) should be pinged
before use; this would solve some of the "other person has restarted
gaim but I don't know that" problems. If you define a ping that will
be answered as a data message, and inject an "OTR ping" into the chat
window, that would figure out mismatches and rekey around them before
we get to data. It's kind of like a soft rekey, except you won't
cause a rekey popup if it isn't needed.
--
Greg Troxel <gdt at ir.bbn.com>
More information about the OTR-dev
mailing list