[OTR-dev] Clever logging for weechat_otr plugin (+ log management discussion)
Daniel ".koolfy" Faucon
koolfy at koolfy.be
Wed Mar 13 18:22:47 EDT 2013
On Wed, 13 Mar 2013 17:07:02 -0500
"Evan D. Schoenberg, M.D." <evan at adium.im> wrote:
>
>
> On Wednesday, March 13, 2013 at 4:58 PM, "Daniel ".koolfy" Faucon"
> wrote:
>
> > In fact, not logging OTR conversations is fairly transparent for the
> > user, most users won't notice until some day they will look for an
> > OTR conversation in their logs --probably not that often for lambda
> > users.
> >
> At which point they will be really annoyed at this technology for
> making them lose the log they expected to have, if they can even
> guess why it is that that particular conversation wasn't logged.
That's what the warning at the beginning of every OTR session would be
for.
>
> If your local machine is insecure, you've already lost.
Isn't the whole point of ephemeral encryption keys that a conversation
shouldn't be compromised if the computer is compromised *AFTER* the
conversation took place?
I think proper log management falls perfectly within the limits of this
threat model. And by keeping cleartext logs by default, we clearly
violate it.
--
Daniel ".koolfy" Faucon
Tel: France : (+33)(0)658/993.700
PGP Fingerprint : 485E 7C63 8D29 F737 FEA2 8CD3 EA05 30E6 15BE 9FA5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.cypherpunks.ca/pipermail/otr-dev/attachments/20130313/dc4c6455/attachment.pgp>
More information about the OTR-dev
mailing list