[OTR-dev] Last-minute change to libotr 4 API
Howard Chu
hyc at symas.com
Sun Aug 26 00:03:56 EDT 2012
Ian Goldberg wrote:
> I really wish there was another way to do this. Suggestions are
> extremely welcome.
>
> While tracking down the problems I mentioned yesterday, I came across
> this issue:
>
> - Alice sends an OTR Query message to Bob
>
> - Bob sends a COMMIT message to Alice
>
> - Alice repies with a DHKEY message
>
> * At this point, the 3.x code would forget about the commit message, but
> in 4.x, in order to allow for the case where Alice is logged in more
> than once, Bob needs to hold on to the commit message, and in
> particular, to the private key that generated it, so that he can set
> up an OTR session with each of Alice's logins. [Recall that the
> major change in 4.0 over 3.x is that it addresses the "Alice is logged
> in more than once" problem.]
>
> So even after Alice and Bob have established an OTR session and are
> happily chatting, the current 4.x (master branch) code still has a copy
> of the private key used to generate Bob's COMMIT message stashed away.
> If Bob's computer's memory is compromised after that point, this private
> key may be able to be used to decrypt the first messages of the
> conversation. This is undesirable.
>
> A plausible thing to do is, after a "reasonable" amount of time, Bob
> should erase the private key. If one of Alice's login instances is
> extremely laggy, and that instance sends its DHKEY message after that
> time, it will be ignored as spurious.
>
> The problem is, suppose Alice and Bob exchange just a few messages
> quickly (before the "reasonable" timeout period), and then stop typing.
> There's no reason that *any* libotr function will be called for an
> arbitrarily long period of time, and so no code could run to erase that
> no-longer-needed private key.
>
> So here's the proposed change. Again, alternate suggestions (the sooner
> the better) are extremely welcome.
>
> There will be a new function
>
> polltime = otrl_polltime(userstate);
>
> you must call right after creating your userstate that will return a
> number of seconds.
>
> The calling application must then call (in the same thread as the
> rest of libotr, to be sure)
>
> otrl_poll(userstate, uiops, uiopdata);
>
> every polltime seconds (or thereabouts; exactness is not important).
> The otrl_poll function will do any periodic cleanups necessary for
> forward secrecy purposes (and, I suppose, any other operations that
> should be done periodically, but none is needed at the moment).
Since there are no other uses for this yet, it might be better to make this a
oneshot function. And change the signature of otrl_poll() to also return a
polltime. If it returns 0, then no further polling is desired, otherwise the
return value is the interval till the next desired poll. Setting up a
permanent alarm/timer in the app seems a bit unfriendly, particularly if it is
rarely needed.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
More information about the OTR-dev
mailing list