[OTR-users] picture buttons
Greg Troxel
gdt at ir.bbn.com
Fri Oct 14 12:21:07 EDT 2005
CLAY SHENTRUP <CLAY at BROKENLADDER.COM> writes:

> Then I also hope I'll never have to see a message to the effect of "you sent
> encrypted data to..who wasn't expecting it".

Perhaps that's just a UI issue, but I prefer to see that than to have
the key exchange and retransmit be silent.

> If the session isn't encrypted, my data should just go through
> unencrypted,

That's totally broken from a security viewpoint; if there's a reason
not to send data in the clear, it shouldn't happen without conscious
effort. I set policy to 'require OTR' for most people, so if I don't
have an OTR security association, key exchange is forced.

> or perhaps there could be an option to have it ask you
> first to make sure, just in case you're not capable of looking at
> the lock icon first.

It's not a question of not being capable; crypto UIs should enable
people who are tired or stressed to make the right choices without
having to be careful. Having to check the lock icon constantly fails this
test.

--
Greg Troxel <gdt at ir.bbn.com>