[OTR-dev] mpOTR: shutdown()

Arturo Filastò art at torproject.org
Wed Jul 18 16:12:03 EDT 2012


On 7/18/12 9:37 PM, Abel Luck wrote:
> Hi,
>
> After reading and trying to fully digest the mpOTR paper and proposed
> "spec", we have some questions/concerns about how it will work on
> networks with periodic disruptions.

Very happy to see that this discussion is moving forwards.

> These questions are specific to the implementation of OTR for a future
> specification.
>
> Question 1: How do we determine when a user has "left" due to network
> timeout/instability vs simply quitting?
>
> Relevant section of specification:
>
> "When users wish to join or leave a chatroom, the proto-
> col shuts down the current session and then calls Initiate()
> with the new set of participants to initialize a new chat ses-
> sion." (pg 7)
>
>
> I propose a timeout of some number of seconds. Thoughts?

I think this is a quite reasonable assumption, though the problem is
that the
client that left will not have participated to the shutdown phase and
therefore
they will loose the deniability property.


> Question 2: How do clients decide to initiate Shutdown()? What happens
> if some clients initiate it but others do not?

The shutdown() is invoked when a participant wishes to leave the chat and
it requires everybody in the group chat to participate to such phase.

It is blocking with respect to any member of the group.

> "When the application determines that there are no out-
> standing in-flight messages between participants and that
> the chat session should be ended, it invokes the Shutdown()
> algorithm." (pg 9)
>
> This is related to the question of error handling, we need to specify
> how to handle errors.
>
> Finally, page 11 states "We are currently implementing and improving the
> efficiency of mpOTR." Has there been any work on this since publication?

I would have another few questions to add to this thread while we are at it:

Question 3)
What happens if a person joins during the Setup phase?

Since the setup phase requires a certain amount of roundtrips it is
quite plausible
that somebody joins the chat while such startup is occuring, what should
the other
participants do? Should they stop the current setup and restart a new
one with the
new participant or should they start another startup in the background
for the new
group?

In the first case I see a possibility for malory doing bad things. In
the first she can
keep joining the group chat with new nicks and prevent anybody from ever
completing
the setup.
Would the second strategy work?

Question 4)
What is the solution to message replay attacks?
This was already discussed on this mailing list [1]. In the end no true
solution
to this issue was found and it was stated that this would be the topic
of future
work [2], does someone know the status of such work?

I have another few questions, but will keep them to myself for the
moment or start another
thread with them as I think they may be a bit more controversial.

- Art.

[1]
http://lists.cypherpunks.ca/pipermail/otr-users/2010-August/thread.html#1850
[2] http://lists.cypherpunks.ca/pipermail/otr-users/2010-August/001853.html




More information about the OTR-dev mailing list