[OTR-dev] Clever logging for weechat_otr plugin (+ log management discussion)

Daniel ".koolfy" Faucon koolfy at koolfy.be
Wed Mar 13 18:22:47 EDT 2013

On Wed, 13 Mar 2013 17:07:02 -0500
"Evan D. Schoenberg, M.D." <evan at adium.im> wrote:

> On Wednesday, March 13, 2013 at 4:58 PM, "Daniel ".koolfy" Faucon"
> wrote:
> > In fact, not logging OTR conversations is fairly transparent for the
> > user, most users won't notice until some day they will look for an
> > OTR conversation in their logs --probably not that often for lambda
> > users.
> > 
> At which point they will be really annoyed at this technology for
> making them lose the log they expected to have, if they can even
> guess why it is that that particular conversation wasn't logged. 

That's what the warning at the beginning of every OTR session would be

> If your local machine is insecure, you've already lost.

Isn't the whole point of ephemeral encryption keys that a conversation
shouldn't be compromised if the computer is compromised *AFTER* the
conversation took place?

I think proper log management falls perfectly within the limits of this
threat model. And by keeping cleartext logs by default, we clearly
violate it.

Daniel ".koolfy" Faucon

Tel: France : (+33)(0)658/993.700
PGP Fingerprint : 485E 7C63 8D29 F737 FEA2  8CD3 EA05 30E6 15BE 9FA5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.cypherpunks.ca/pipermail/otr-dev/attachments/20130313/dc4c6455/attachment.pgp>

More information about the OTR-dev mailing list