[OTR-users] Re: OTR-users digest, Vol 1 #63 - 3 msgs
Ryan B. Gould
rgould at nosc.mil
Fri May 20 16:17:32 EDT 2005
a good example of why it would be best/great
to auto-accept keys is when you are oh two
different machines chatting with the same
person. an example: you are at home and
you have an OTR chat going with someone.
then you quit the chat. the person you
are chatting with either closes the window
or leaves it open (it doesnt matter which).
then you go to work and login there.
the person you were chatting with still
thinks that you are using the old key
(fingerprint). then both your attempts
to chat with each other barfs with all
sorts of malformed packet errors and
you are forced to re-establish a connection.
if the person that you are chatting with
happens to be using windows gaim with
the OTR pugin, and they are away from
their machine.. they can come back to
quite a few error messages.
> So what would people think about this:
>
> - When you receive a new fingerprint, you're notified of this fact
> (with
> a dialog box), but it's automatically accepted right away. [Noting
> that approximately everyone just clicks "OK" anyway, this doesn't
> change the usual behaviour.]
>
> - If you *don't* want to accept the fingerprint, you'd have to
> delete it
> from your "known fingerprints" list. Like today, I don't intend for
> there to be a "known bad fingerprints" list. [Another option
> would be
> for the above dialog to continue to have "accept / not accept"
> buttons, and clicking the latter would cause the fingerprint to be
> deleted from the known fingerprints list (it would have been
> added the
> moment the dialog popped up).]
>
> - The "private connection established" dialog goes away (or is made
> optional), but the fingerprint and secure session id that are in
> there
> now must still be accessible somehow (clicking the "OTR: Private"
> button, maybe?).
>
More information about the OTR-users
mailing list