[OTR-dev] OTR encryption state
Evan Schoenberg
evan.s at dreskin.net
Wed Jan 26 19:48:57 EST 2005
On Jan 26, 2005, at 6:26 PM, Greg Troxel wrote:
> I consider it a serious bug that I can't check a box in otr prefs to
> say "don't try to do otr with this person for now". Right now I have
> to delete the fingerprint to get that effect, and that opens me up to
> reverification issues.

*nod* You're right, then, when you said previously that we were
addressing the same issue in different ways. Removing autorenegotiation
solves this, as you stop the OTR session and OTR won't begin again with
that contact until you ask it to. Unfortunately, now that it's put
that way, it becomes clear that -this- opens up a problem with initial
OTR sessions... there's no way to distinguish:

a) a conversation I ended (i.e. we were talking, I told it to stop, and
therefore we should not be automatically reconnected) from
b) an initial conversation with someone with whom I have a confirmed
fingerprint and therefore should automatically be connected to

> To answer Evan, <snip>
Thanks for the explanations.
> So I restart racoon,
> which deletes all the SAs and then tries to negotiate on the next
> packet because it gets an ACQUIRE.
> That's the sense of 'nuke this context' that I'm talking about.
>
> The other action would be "change the SPD so that crypt is no longer
> required".
>
I see. Do the session IDs change in the state situation we've been
discussing, that is if I hit 'cancel' and then you message me twice
(once and receive the error message, at which point we autorenegotiate
and have a secure session, and then a second time which is an encrypted
message which goes through successfully)?
-Evan