[OTR-dev] new TLV to query supported TLVs
Ian Goldberg
ian at cypherpunks.ca
Sat Mar 14 04:34:29 EDT 2015
On Fri, Mar 13, 2015 at 03:23:05PM -0400, Hans-Christoph Steiner wrote:
>
> Upon thinking about this more, I think this should really be a part of the
> Signature Message. Then whenever there is a working OTR session, it will
> include the supported TLVs bitmask. I imagine that requires a new rev of the
> protocol, since the Signature Message does not seem to have a mechanism for
> extending it.
>
> Perhaps it still makes sense to include this TLV as a way to get this
> functionality with OTRv3. Then OTR implementations can just send this
> "Supported TLVs" Data Message immediately after the OTR session is established
> to get almost the same effect.
I'm a little concerned that clients get only one bit to specify
"support/no support" for a particular TLV type. How would you describe,
for example, which byte values for TLV8 are supported by a client?
There's also a small information leak related to client fingerprinting,
but that may be hard to fully block in any event.
What I would actually prefer is to just say "OTRv(whatever) is defined
as requiring support for these TLVs: ...", but that may be too strict?
- Ian
More information about the OTR-dev
mailing list