[OTR-dev] finished converstations a bad UI choice!

Greg Troxel gdt at ir.bbn.com
Tue Jul 24 14:19:22 EDT 2007


I'm writing, perhaps again, about what I consider to be a serious UI bug
with finished conversations.

Actual scenario:

  I have a private conversation with Alice.  Both of us use gaim and
  gaim-otr with jabber.

  Alice's client is probably set to 'require OTR' for me.  At least I've
  had the same behavior on my end when talking to someone else, when I
  have 'require OTR' set.

  I shut down my client.  This sends a 'finished' message, putting
  Alice's client in state finished for me.

  Alice (who doesn't follow otr-dev and understand the nuances of why
  it's bad to send cleartext when she might expect encrypted) tries to
  send something, typing a sentence and hitting return.

  She gets something like 'message not sent; please cancel or restart'
  and concludes (correctly!)  that the IM system is broken.

Now, I realize that sending the message in the clear would be a security
problem, as she could expect confidentiality and then not get it.  So
let me be very clear that I'm not asking for that.

There are then two cases:

  OTR is enabled, with automatic initiation, but not required)

    Here, we know that OTR recently worked with this peer.  So choices
    are

       0) send in clear - dangerous, violates user expectations
       1) fail (current behavior)
       2) try to initiate, and send message if negotatiation is successful

  OTR is enabled, with automatic initiation, and further is required)

    Here, there are two choices

       0) send in clear - against stated policy, dangerous
       1) fail
       2) try to initiate, and send message if negotatiation is successful


In the required case, note that these are the same options as in a "not
private" state.  But in "not private", otr-gaim does option 2, which is
useful and what the user expects.  In the 'not required' case, option 2
seems preferred - a savvy user can always 'end private' if that's what
they want.

I have no objection to "Conversation is in state finished; trying to
initiate private conversation" message.

I realize this is work to change.  But does anyone really think that the
current behavior is useful and reasonable?  To me it's gratuitously
difficult when there's a better behavior without security problems.



More information about the OTR-dev mailing list