[OTR-dev] Secure connections through a connect/disconnect cycle, OTR error messages
alex323
alex323 at gmail.com
Thu Jan 27 11:50:36 EST 2005
Why not just have a parser for when the message is decrypted? That
way, Eve can't send the disconnect message.
- Alex
On Thu, 27 Jan 2005 07:03:02 -0500, Ian Goldberg <ian at cypherpunks.ca> wrote:
> On Wed, Jan 26, 2005 at 01:25:17PM -0800, verbal wrote:
> > On Wed, 26 Jan 2005 14:57:12 -0600, Evan Schoenberg <evan.s at dreskin.net> wrote:
> > > I think the lack of ?OTR messages is insufficient... that doesn't do
> > > anything until Bob sends a message and that message fails... Part of
> > > the purpose of such a 'heads up' is that Bob can react without us
> > > having to wait for a message send to fail before anyone is the wiser.
> > >
> >
> > What do you mean by letting Bob "react", i.e. what would Bob do? If
> > Alice and Bob are in an OTR conversation and Alice turns it off, Alice
> > sends in plaintext to Bob, which is OK because Alice knows she is
> > sending plaintext because she set it, while Bob is sending in encrypted
> > text, which is OK because he still thinks they're encrypted.
>
> Don't forget to take into account the case where Alice and Bob are in a
> secure conversation, but Eve sends a message to Bob (pretending to be
> Alice), trying to convince Bob to turn off OTR. That could either be
> the above plaintext, or the "heads-up" message, or whatever.
>
> It's *vital* that Bob _not_ turn off OTR in response to anything except
> Alice (_in_ an OTR conversation) saying "OK, I'm turning off OTR now.".
> [But this method does work OK.]
>
> - Ian
> _______________________________________________
> OTR-dev mailing list
> OTR-dev at lists.cypherpunks.ca
> http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
>
--
Thousands of people die every day. Yet you put 1 dead body in the
middle of a busy street and it makes people crazy.
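
A sketch of the rule discussed in this thread, added here as an example and not taken from the OTR code or from any poster: Bob's client leaves secure mode only when the disconnect notice arrives inside a message that authenticates under the session key. HMAC-SHA256 over a shared key stands in for OTR's authenticated data messages (encryption is omitted), and the DISCONNECT payload, frame layout and replay counter are assumptions.

```python
import hashlib
import hmac
import os

DISCONNECT = b"OTR-DISCONNECT"  # hypothetical control payload, not an OTR wire value

def seal(key, counter, body):
    """Sender side: counter || body || HMAC-SHA256(key, counter || body)."""
    ctr = counter.to_bytes(8, "big")
    return ctr + body + hmac.new(key, ctr + body, hashlib.sha256).digest()

class Session:
    """Bob's view of one secure conversation (simplified stand-in for OTR state)."""
    def __init__(self, key):
        self.key, self.secure, self.last_ctr = key, True, -1

    def receive(self, wire):
        # Control messages are parsed only after authentication succeeds.
        if len(wire) < 8 + 32:
            return "ignored-unauthenticated"
        ctr_b, body, tag = wire[:8], wire[8:-32], wire[-32:]
        expected = hmac.new(self.key, ctr_b + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "ignored-unauthenticated"
        ctr = int.from_bytes(ctr_b, "big")
        if ctr <= self.last_ctr:  # assumption: strictly increasing counter per session
            return "ignored-replay"
        self.last_ctr = ctr
        if body == DISCONNECT and self.secure:
            self.secure = False
            return "disconnected"
        return "message"

def demo():
    """Constructed traffic: two unauthenticated notices, then Alice's real ones."""
    key = os.urandom(32)               # session key shared by Alice and Bob
    bob = Session(key)
    results = [
        bob.receive(DISCONNECT),                           # bare plaintext notice
        bob.receive(seal(os.urandom(32), 0, DISCONNECT)),  # sealed under a wrong key
        bob.receive(seal(key, 0, b"hello")),               # Alice, authenticated
    ]
    secure_before = bob.secure
    results.append(bob.receive(seal(key, 1, DISCONNECT)))  # Alice ends the session
    return results, secure_before, bob.secure

if __name__ == "__main__":
    print(demo())
```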