[OTR-dev] Re: Poll

Timo Engel timo-e at freenet.de
Wed Feb 27 13:57:31 EST 2008


Rüdiger Kuhlmann schrieb:
> Hi,
> 
>> --[Ian Goldberg]--<ian at cypherpunks.ca>
>> On Sat, Feb 02, 2008 at 03:47:43PM +0100, Timo Engel wrote:
>>> It should not be task of the receiving plugin to remove HTML tags. For
>>> that reason a XMPP messages has a body-element where html content is
>>> not allowed and the optional html-element with XHTML markup.
>> No, it really should be.  Suppose the OTR specification said that the
>> plaintext should first be rot-13 encoded before being encrypted.  The
>> receiving OTR plugin would then be responsible for rot-13 decoding
>> before passing the plaintext up to the application.  Similarly, since
>> the OTR specification says that the plaintext can have HTML-markup, it's
>> up to the receiving OTR plugin to handle that before passing it up to
>> the receiving application.  For some receiving applications, this is
>> easy, since nothing has to be done.  For others, the markup needs to be
>> stripped.
>> The XMPP specification says that there must be no html content in the
>> body-element, which is in fact what happens; the body-element is
>> base64-encoded ciphertext with no markup (on the ciphertext).
> 
> I re-read the specification. The XMPP specification says that the body
> element may not contain HTML markup (for this, specific nodes are created),
> and contains the plain text message. The documentation of libOTR (in
> particular, the README) specifies that the usage of libOTR for sending a
> message consists of letting libOTR munge the message to be sent; there is no
> mentioning of stripping HTML tags for either sending or receiving. From this
> it follows that the text put into the XMPP body tag may not contain
> encrypted data from plaintext that contains markup. So there is plainly a
> bug in Pidgin if it does so. What it produces maybe technically a correct
> XMPP message, and the encrypted data is technically a correct OTR stream,
> but the combination is still incorrect.

Thats exactly the problem i tried to explain. Additional, the
HTML-Markup of Pidgin-Otr messages are not XML complient.

Probably most developer will do it currently the way like Pidgin-Otr
does it. But Pidgin is not the best Jabber client and the plugin does
not use the benefits of XMPP.





More information about the OTR-dev mailing list