[OTR-dev] Handling of CTCPs and /me in IRC clients

Florian Bruhin me at the-compiler.org
Mon Dec 17 13:12:43 EST 2012 

* Greg Troxel <gdt at ir.bbn.com> [2012-12-17 12:01:02 -0500]:
> 
>    - When sending a CTCP TYPING, pass it unencrypted since it's probably
>      directed to bitlbee and won't arrive at the other end. (At least
>      this applies to irssi and weechat, since they both have scripts to
>      do the CTCP TYPING messages, I doubt anyone would want to send them
>      by hand)
> 
> I don't understand.  How is an i-am-typing notification really different
> From a message in terms of security desires?  Or is that thought to
> contain no real information not gleanable from the ciphertext?

CTCP TYPING is (to my knowledge) only used in bitlbee, which is (as
said) an IRC to IM gateway. So when Alice (using bitlbee) sends a CTCP TYPING
to Bob (using XMPP for example) the bitlbee server doesn't send this 1:1 to Bob
(since XMPP doesn't know CTCP), but instead sends an XMPP-style typing
notification to Bob. It's basically just a hack to have an IRC-way to
send typing messages to IM accounts.

Maybe this clears it up:

 (1)
 .__________. IRC connection   ._________. IM connection    .---------.
 |Alice     | unencrypted      |Bitlbee  |                  |Bob      |
 |          |----------------->|Server   |----------------->|         |
 |IRC Client| CTCP Bob TYPING  |IRC to IM| MSN/ICQ/YIM/XMPP |IM client|
 '----------' (\001TYPING\001) '---------' typing message   '---------'
 
 (2)
 .__________. IRC connection   ._________. IM connection    .---------.
 |Alice     | OTR encrypted    |Bitlbee  |                  |Bob      |
 |          |------------------|---------|----------------->|         |
 |IRC Client| CTCP Bob TYPING  |IRC to IM| Literal message  |IM client|
 '----------' (\001TYPING\001) '---------' \001TYPING\001   '---------'
 
In case (1), Alice is typing and a script in her IRC client sends a
CTCP TYPING to Bob. The Bitlbee server doesn't send this to Bob, but
instead a typing message as outlined above.

In case (2), the same thing happens, but since the CTCP TYPING is
encrypted, Bob gets a message saying \001TYPING\001 via XMPP.

I'm not sure if CTCP was a good choice for such a "hack" (not sure
what else in the IRC protocol you could [ab]use for something like
that though), but OTR breaks it.

Florian

-- 
() ascii ribbon campaign - stop html mail    www.asciiribbon.org
/\ www.the-compiler.org  | I love long mails http://email.is-not-s.ms/
I have a very good DENTAL PLAN. Thank you. 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.cypherpunks.ca/pipermail/otr-dev/attachments/20121217/b5f62b22/attachment.pgp>

More information about the OTR-dev mailing list