[OTR-dev] session termination
Paul Wouters
paul at cypherpunks.ca
Sat May 26 17:07:36 EDT 2007

On Sat, 26 May 2007, Tim wrote:

> ok, I installed Pidgin and OTR for Windows and added you - let's see if
> it works.

I'm at home later for testing.

> What will happen when you send me messages I can't decrypt and then you
> go offline? - no chance for a resend then.

That's a pretty uncommon race condition, since the OTR resend actually happens
instantly. The only case in which this is a problem is when both users keep
sending a single message to the other user who is offline. In any other case,
the new OTR request plus the resend works fine.

I am not sure how you propose to "patch" this, without storing plaintext
messages on other servers, which is just not acceptable from a security
point of view. Any "fallback to plaintext" can be abused by an attacker
to disable OTR.

Paul