[OTR-dev] OTR-dev Digest, Vol 75, Issue 1
Peter Fairbrother
zenadsl6186 at zen.co.uk
Wed May 6 08:49:13 EDT 2015
On 06/05/15 11:51, Ian Goldberg wrote:
> On Wed, May 06, 2015 at 12:11:53AM +0200, Allan Nordhøy wrote:
>> Change the colours and you have all modes. Red for "not private", Yellow
>> for "unverified" and Green for "authenticated".
>
> Unfortunately, one can't use only a colour change to indicate something
> like this, for the sake of people who cannot see the colours.

I'm not very familiar with OTR, but - a "not private" mode? And two
other modes? Is that wise?

Fifth Principle of Information Security Design: "Modes and choices are
bad in crypto protocols, they give users choices which they are not
qualified to make. It is your job to be clever, not the user's."

Now OTR's clients are probably mostly a bit above the usual luser, but ..

(Hi Ian, long time no see)

-- Peter Fairbrother