[OTR-users] Re: OTR-users digest, Vol 1 #63 - 3 msgs
Greg Troxel
gdt at ir.bbn.com
Tue May 31 09:00:32 EDT 2005
"Ryan B. Gould" <rgould at nosc.mil> writes:
> a good example of why it would be best/great to auto-accept keys is
> when you are oh two different machines chatting with the same
> person. an example: you are at home and you have an OTR chat going
> with someone. then you quit the chat. the person you are chatting
> with either closes the window or leaves it open (it doesnt matter
> which). then you go to work and login there. the person you were
> chatting with still thinks that you are using the old key
> (fingerprint). then both your attempts to chat with each other
> barfs with all sorts of malformed packet errors and you are forced
> to re-establish a connection. if the person that you are chatting
> with happens to be using windows gaim with the OTR pugin, and they
> are away from their machine.. they can come back to quite a few
> error messages.
I think the discussion is about fingerprints for public keys used to
sign key exchange, not about session keys. I routinely do what you
describe and don't have issues but do need to refresh the key exchange
when one person switches computers. I've long ago accepted the 2-3
fingerprints for each of my correspondents' machines.
--
Greg Troxel <gdt at ir.bbn.com>
More information about the OTR-users
mailing list