[OTR-dev] Decrypting messages from an old OTR conversation
Paul Wouters
paul at cypherpunks.ca
Mon Feb 27 14:08:38 EST 2006
On Mon, 27 Feb 2006, Evan Schoenberg wrote:
> The problem: some services support serverside offline messaging. Yahoo and
> ICQ, for example. If Bob is in an encrypted conversation with Alice, and
> Alice signs offline, the service still allows Bob to message Alice, storing
> the (encrypted) message on the server for delivery when Alice next signs
> online. Bob knows that Alice has the information for decrypting his message,
> since they've been communicating previously...
>
> So Alice signs on a day later... but she can't read the message, since the
> conversation has since ended. She receives:
> The encrypted message received from Bob is unreadable, as you are not
> currently communicating privately.
When signing off, the client should close the OTR connection to the "finished"
state.
Paul
--
"Do it today, tomorrow it will be illegal"
--- Source unknown
More information about the OTR-dev
mailing list