[OTR-dev] session termination

Tim timg10 at gmx.net
Fri May 25 12:52:09 EDT 2007 

The bug I mean is the Miranda - Gaim session termination bug.
It occurs when the Miranda user exits the Miranda program, i.e.goes
offline. The Miranda OTR plugin doesn't send a session termination
message as the Gaim plugin does. According to Scott Ellis (the
programmer of the Miranda plugin) it's not possible to send such a
message because of Miranda's infrastructure.
So the Gaim OTR plugin doesn't know the Miranda  user is offline and
continues sending encrypted messages (which are then stored on the ICQ
or Jabber server until the Miranda user goes back online).
If I understood correctly, this is the desired behaviour. This is fine
as long as the user went offline because he lost his internet
connection, but keeps his IM program running, so he still has his
session keys in memory. But if he exits the program the keys will be
gone and he can't decrypt the messages which are stored on the ICQ
servers any more.
I assume the same thing will happen if both communication partners use
Gaim. If communication partner now looses his internet connection and
then exits Gaim, he will lose the session keys as well and thus his
offline messages.

In my opinion a message transport protocol should above all be reliable.
The bug I described makes instant messaging with OTR unreliable, because
one can't be certain all the messages sent can be read.
That's why I wanted a change in the Gaim plugin's behaviour. (And in the
proxy as well, I just noticed that it acts identically).

Don't think this bug occurs rarely: It happened to me almost every day.

I don't know how it is in other countries, but here in Germany most
internet providers let their customers keep their IP address for 24
hours, so unintended "IP hops" are quite seldom. At least I don't tend
to chat for more than 24 hours ;).

- Tim

Paul Wouters schrieb:
> On Fri, 25 May 2007, Tim wrote:
>
>   
>> I want to bring up the session termination bug one more time (see Scott
>> Ellis' mails for details).
>> Shouldn't it be quite easy to write a patch for the Gaim/Pidgin plugin
>> in order to make it stop an OTR session as soon as one user goes offline?
>> I recently read a bit of the plugin's source code, but since I haven't
>> read Gaim's source code yet, I would need quite some time to do it myself.
>> So I'm asking if anyone of you is willing to write a patch. You would
>> have it done within a few minutes, I guess. It could remain inofficial,
>> but it would make OTR usable for me and my friends.
>> Right now we have disabled our OTR plugins because that bug is so
>> annoying...
>>     
>
> With people hopping on and off the net on different IP's, I wouldn't
> want to restart an OTR session everytime that happens.
>
> Net connectivity isnt so much what should "end" your OTR session. It's
> the user deciding they won't talk to you long enough to justify closing
> the secure channel.
>
> I'm not sure what the exact bug is you are experiencing. If it is th
> "talking while user is gone" bug, then I agree I would like to see
> a better message then just a quote or the garbliegoo we send. According
> to Ian, that currently doesn't go through gaim-otr, so we can't really
> filter it from gaim-otr.
>
> Paul
>
> _______________________________________________
> OTR-dev mailing list
> OTR-dev at lists.cypherpunks.ca
> http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
>
>

More information about the OTR-dev mailing list