[OTR-dev] Feature request: Log buddies fingerprint when OTR comes up to reduce MITM vulnerability.

[Gregory Maxwell]

Greetings.

Tonight I used the challenge question authentication with a frequent
chat partner of mine and she was instantly disconnected from AIM when
she answered the question. After she reconnected we attempted it again
she was able to complete the authentication without issue.

Now I'm sure this was just some really unlucky alignment of the
planets, but unfortunately an ongoing MITM attack would quite likely
have looked _exactly_ like this. Since I'm unable to tell what her
fingerprint was on the prior connection I can't distinguish a MITM
bailing out on the authentication protocol from a fluke disconnection.
 This means that there is a reduced disincentive to performing MTIM on
unauthenticated OTR since the middle man can abort on an
authentication attempt without leaving positive evidence of the foul
play.

I would recommend logging the fingerprint at each session
establishment, either as part of the 'started private connection'
alert or in the OTR preferences along with my key fingerprints. This
way past MITM attacks could be detected retrospectively, increasing
the risk of consequences for the attacker. A similar strategy is used
as a part of Tcpcrypt.