[OTR-dev] Last-minute change to libotr 4 API

Howard Chu hyc at symas.com
Sun Aug 26 12:48:56 EDT 2012


Ian Goldberg wrote:
> On Sat, Aug 25, 2012 at 08:54:56PM -0700, Arlo Breault wrote:
>> If it's only the first messages, you can start the conversation with
>> heartbeat packets so that compromising them is meaningless.
> 
> Nice idea!  But then we'd have to *require* all OTR clients to implement
> this.  Since not all OTR clients use libotr (there are a number of
> compatible implementations now, though not yet of the new version of the
> protocol), it seems bad to force them to change their behaviour because
> of a wart in the API of libotr.

But is this really just an API implementation issue, or is it fundamental to
the protocol? It seems to me that if you want to support this multiple
endpoint scenario, you have this problem no matter what implementation you use.

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/



More information about the OTR-dev mailing list