[OTR-dev] /me bug
Kurt Roeckx
kurt at roeckx.be
Sat Sep 14 18:45:47 EDT 2013
On Sat, Sep 14, 2013 at 04:06:23PM -0400, Paul Wouters wrote:
>
> I mostly want an accidental typing of /me or /whatever to not leak
> plaintext during an OTR conversation:
>
> <otr session active>
> Hi Mr.Snowden
> /me is scared about the NSA <--- leaks plaintext
> about that secret file. The password is:
> /secretliesandstatistics <----- leaks plaintext
I think we al agree that we don't want to leak something. The
question is just how it should be implemented protocol wise.
That /me now leaks something clearly isn't what we want,
and I think that on IRC we want a normal PRIVMSG with the
whose, including the ACTION part encrypted.
I have no ideal what happens when you do /secretliesandstatistics,
since I've never used pidgin to do IRC. With all clients I've
used if "secretliesandstatistics" isn't a known command the
client itself will give an error message and it's never send
to the server. I have to use something like /quote to send
raw irc commands. But I can imagine that some clients just
try to send that to the server and let the generate an error
message instead.
Kurt
More information about the OTR-dev
mailing list