[OTR-dev] session termination

Tim timg10 at gmx.net
Tue May 29 07:00:56 EDT 2007

Paul Wouters wrote:
> That's a pretty uncommon race condition, since the OTR resend actually happens
> instantly. The only case in which this is a problem is when both users keep
> sending a single message to the other user who is offline. In any other case,
> the new OTR request plus the resend works fine.
> I am not sure how you propose to "patch" this, without storing plaintext
> messages on other servers, which is just not acceptable from a security
> point of view. Any "fallback to plaintext" can be abused by an attacker
> to disable OTR.
> Paul

Do I understand this correctly? If I go offline, your Gaim OTR will wait
with the resend, until I go back online? What will happen to the message
when I remain offline for, say, a week? This might well happen when my
internet connection fails. You certainly will go offline in between.
If you stay online: What will happen if I change the client? For example
if I'm chatting at my home PC, which has OTR installed, and then my
connection gets interrupted. Later I go back online with another client
on another PC (for example with ICQ2go at work), which doesn't have OTR
capabilities. Then your Gaim will send me the message encrypted and I
can't read it.

About the "fallback to plaintext" security problem: You get a message
when the session stopped and further messages will be sent in plaintext,
don't you? So you know that you shouldn't send any sensitive information

