[OTR-dev] session termination

Tim timg10 at gmx.net
Tue May 29 07:00:56 EDT 2007


Paul Wouters wrote:
> That's a pretty uncommon race condition, since the OTR resend actually happens
> instantly. The only case in which this is a problem is when both users keep
> sending a single message to the other user who is offline. In any other case,
> the new OTR request plus the resend works fine.
>
> I am not sure how you propose to "patch" this, without storing plaintext
> messages on other servers, which is just not acceptable from a security
> point of view. Any "fallback to plaintext" can be abused by an attacker
> to disable OTR.
>
> Paul

Do I understand this correctly? If I go offline, your Gaim OTR will wait
with the resend, until I go back online? What will happen to the message
when I remain offline for, say, a week? This might well happen when my
internet connection fails. You certainly will go offline in between.
 
If you stay online: What will happen if I change the client? For example
if I'm chatting at my home PC, which has OTR installed, and then my
connection gets interrupted. Later I go back online with another client
on another PC (for example with ICQ2go at work), which doesn't have OTR
capabilities. Then your Gaim will send me the message encrypted and I
can't read it.

About the "fallback to plaintext" security problem: You get a message
when the session stopped and further messages will be sent in plaintext,
don't you? So you know that you shouldn't send any sensitive information
anymore.

Tim


