[OTR-dev] Secure connections through a connect/disconnect cycle, OTR error messages

Evan Schoenberg evan.s at dreskin.net
Thu Jan 27 12:06:44 EST 2005 

*nod* I meant that the notification would be sent in the OTR context 
before the client disconnects, not in plaintext after it disconnects, 
so it would not be possible for the "other side requested OTR 
disconnect" message to be emulated by a third party.

-Evan

On Jan 27, 2005, at 10:50 AM, alex323 wrote:

> Why not just have a parser for when the message is decrypted? That
> way, Eve can't send the disconnect message.
>
>  - Alex
>
>
> On Thu, 27 Jan 2005 07:03:02 -0500, Ian Goldberg <ian at cypherpunks.ca> 
> wrote:
>> On Wed, Jan 26, 2005 at 01:25:17PM -0800, verbal wrote:
>>> On Wed, 26 Jan 2005 14:57:12 -0600, Evan Schoenberg 
>>> <evan.s at dreskin.net> wrote:
>>>> I think the lack of ?OTR messages is insufficient...  that doesn't 
>>>> do
>>>> anything until bob sends a message and that message fails... Part of
>>>> the purpose of such a 'heads up' is that bob can react without us
>>>> having to wait for a message send to fail before any one is the 
>>>> wiser.
>>>>
>>>
>>> what do you mean by letting bob "react", ie what would bob do? if
>>> alice and bob are in an OTR conversation and alice turns it off. 
>>> alice
>>> sends in plaintext to bob, which is ok because alice knows she is
>>> sending plaintext cause she set it while bob is sending in encrypted
>>> text which is ok because he still thinks they're encrypted.
>>
>> Don't forget to take into account the case where Alice and Bob are in 
>> a
>> secure conversation, but Eve sends a message to Bob (pretending to be
>> Alice), trying to convince Bob to turn off OTR.  That could either be
>> the above plaintext, or the "heads-up" message, or whatever.
>>
>> It's *vital* that Bob _not_ turn off OTR in response to anything 
>> except
>> Alice (_in_ an OTR conversation) saying "OK, I'm turning off OTR 
>> now.".
>> [But this method does work OK.]
>>
>>    - Ian
>> _______________________________________________
>> OTR-dev mailing list
>> OTR-dev at lists.cypherpunks.ca
>> http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
>>
>
>
> -- 
> Thousands of people die every day. Yet you put 1 dead body in the
> middle of a busy street and it makes people crazy.
> _______________________________________________
> OTR-dev mailing list
> OTR-dev at lists.cypherpunks.ca
> http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
>

More information about the OTR-dev mailing list