[OTR-dev] New OTR Protocol draft: please look over
Paul Wouters
paul at cypherpunks.ca
Sat Oct 8 14:22:18 EDT 2005
On Thu, 6 Oct 2005, Ian Goldberg wrote:
> On Thu, Oct 06, 2005 at 08:45:19PM -0400, Greg Troxel wrote:
>> I suggest considering adding an id field to fragments. Right now
>> fragments can be misassembled if the transport doesn't actualy do
>> in-order delivery. The reassembly rules protect against this if n is
>> different, or k isn't K+1, but don't do so strongly. Just having a
>> fragment id and incrementing it and requiring that it match would
>> help. But, this may not be worthwhile because lack of ordering would
>> perhaps cause so many other problems, and it does take up space.
>
> Indeed, if the network reorders messages, all kinds of things go wrong
> (not security-wise, of course, but sessions won't get set up properly,
> or messages won't be readable).
But the fragments have an "id", right? The spec said:
?OTR,<fragmentnumber>,<totalfragments>,data
So in this case you could just save the fragments (within reason) and
reassemble them when you have all the fragments.
Though I guess it hardly makes sense to do so, because for any non
fragmented OTR message, you wouldn't be able to properly read it,
I think the assumption here is that messages can never be delivered
out of order, and if you receive a fragment while missing the
previous fragments, you disgard all of them and return an error.
Paul
More information about the OTR-dev
mailing list