[OTR-users] gaim-otr and otrproxy beta 2
Ian Goldberg
ian at cypherpunks.ca
Thu Oct 27 14:37:33 EDT 2005
On Thu, Oct 27, 2005 at 11:26:54AM -0700, CLAY SHENTRUP wrote:
> Okay, but I'm still curious about the "finished" state. I'm trying to
> understand how it's different, behaviorally, than unencrypted. Could one say
> that it is essentially like being unencrypted, but have "require encryption"
> turned on, so that a new message isn't sent until the session has been
> refreshed?
If you type a message when you're in "Not private", it gets sent to your
buddy in the clear. If you type a message when you're in "Finished",
nothing at all gets sent to your buddy, and an error is given to you.
> > In fact, it indicates "public". But "conference" isn't far off; if you
> > send a message in that state, there are a whole bunch of people that can
> > read it.
>
> Could potentially read it, but aren't necessarily.
And how do you know which is the case? From a privacy point of view,
lots of people may as well be reading it.
> I think multiple people
> icons gives the impression that multiple people _are_ involved in the
> conversation. I'm trying to put myself into the mindset of a typical (dumb)
> computer user here.
And they _are_ involved, as far as you know.
> Does this new beta have what you consider to be the final version of OTR for
> the time being. That is, there are no more changes planned in the actual
> protocol for the time being, and any known security holes have been
> addressed?
The identity-binding flaw has been addressed. We reserve the right to
change the v2 protocol until the official release. [But at present, we
don't intend to do so.]
- Ian
More information about the OTR-users
mailing list