[OTR-dev] Using libotr

Alex Burzyński alex.burzynski at gmail.com
Mon Mar 10 21:14:53 EDT 2014


I've asked those questions on #otr, but was pointed here to get the answers.

Symmetric key:
I wasn't sure what "int use" is for (in otrl_message_symkey) but thanks to
DrWhax++ I think I understand it more now - just need to revalidate:
- so use isn't defined as such yet
- there is the notion of using use=1 as file transfer
- and the reason for having the symkey at all is that both parties could
encrypt/decrypt the messages sent outside of OTR messages, but agree on the
key within the OTR conversation

is that correct?

gone_secure callback
why gone_secure is executed on Alice's side before Bob receives SIGNATURE
if Bob starts AKE, then gone_secure is called when Alice receives Bob's
so in practise if Alice upon gone_secure tries to write to Bob, Bob gets
 RCVDMSG_NOT_IN_PRIVATE - which is correct as the AKE is not finalised yet

so how/when would Alice know that she can now send message to Bob?

Fragmentation policy
I don't fully understand the how
OTRL_FRAGMENT_SEND_ALL_(BUT_FIRST|BUT_LAST) work, where those fragments are
stored and why?
how my use of otrl_message_sending/receiving() should change depending on

Ending conversation
As someone already noticed on the list gone_insecure isn't called in
current code, pidgin-otr detects that the other side ended conversation by
checking TLV of incoming message.

otrl_message_disconnect() works fine, but I've noticed that pidgin-otr
doesn't seem to send anything when the user decides to End private
converstation (based on XMPP console), does it depend on the current
(Some background: I'm testing my code by communicating to piding-otr)

Resending messages
that may be more about user-experience, but the Protocol page mentions
"recent stored message" - does it refer to auth.lastauthmsg? Should I queue
messages for resending in the app until the communication is private?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cypherpunks.ca/pipermail/otr-dev/attachments/20140311/d65b031c/attachment.html>

More information about the OTR-dev mailing list