[OTR-dev] OTR with Jabber/XMPP

Ian Goldberg ian at cypherpunks.ca
Tue Feb 12 07:39:07 EST 2008


On Sat, Feb 02, 2008 at 03:47:43PM +0100, Timo Engel wrote:
> It should not be task of the receiving plugin to remove HTML tags. For
> that reason a XMPP messages has a body-element where html content is
> not allowed and the optional html-element with XHTML markup.

No, it really should be.  Suppose the OTR specification said that the
plaintext should first be rot-13 encoded before being encrypted.  The
receiving OTR plugin would then be responsible for rot-13 decoding
before passing the plaintext up to the application.  Similarly, since
the OTR specification says that the plaintext can have HTML-markup, it's
up to the receiving OTR plugin to handle that before passing it up to
the receiving application.  For some receiving applications, this is
easy, since nothing has to be done.  For others, the markup needs to be
stripped.

The XMPP specification says that there must be no html content in the
body-element, which is in fact what happens; the body-element is
base64-encoded ciphertext with no markup (on the ciphertext).

You seem to be saying that if one takes a valid XMPP message that
contains ciphertext, and decrypts the encrypted part, while making no
other changes to the XMPP message, the result should also be a valid
XMPP message.  However, that's just not true.

   - Ian



More information about the OTR-dev mailing list