[OTR-users] default action for otr button when in "other end finished" state

Paul Wouters paul at cypherpunks.ca
Fri Mar 16 14:10:24 EDT 2007


On Fri, 16 Mar 2007, Ian Goldberg wrote:

> On Thu, Mar 15, 2007 at 07:51:43PM -0400, Greg Troxel wrote:
> > I agree that in state they-finished-we-haven't ('finished'), clicking
> > should go to 'not private'.  clicking again would of course try to
> > negotiate.
>
> Wait: you're saying sometimes clicking that button should make you go
> private, and sometimes it should make you go non-private?  No way.
> Clicking that button should *always* (at least try to) put you in
> private mode.
>
> Or am I misunderstanding?

No you are not :)

The button can change appearances. As the button is right now, when
the remote has finished the OTR session, the use of our button is
counter-intuitive.  This is not theoretical, this is happening to ME,
and I know what OTR does for me much more than the average user. The
problem is you are told "the user finished his OTR session with you,
you should do the same". Since there is only ONE button available, my
brain leaps to the conclusion "action is required, there is only one
button, therefore hit it". While the correct action in this case is to
RIGHT click and select "end private conversation". This is not good
from a UI perspective.

Though I understand the concerns from a cryptographic perspective.
I understand your fear of the other end closing OTR, and us automatically
following suit and accidentally sending something in the clear - though
that could be avoided by defaulting to "never send something in the clear
per default if we have an OTR key for this person", or simply demanding
a confirmation to send in the clear after the event that the other end
closed our secure communications.

I also understand that the current behaviour is the most fail safe, though
on many occasions I've restarted an OTR session by accident, while I had
nothing to say to this person (they left after all, hence their closing),
and restarted OTR to this person while the person had left his computer.

It makes you wonder about the purpose of closing the OTR session at all.
One reason is if the person goes to work, and has a non-OTR jabber
client, and the person is now logged in twice. If I have accidentally hit
"refresh" to "end" the person's home connection, I'm now bombarding him
with unreadable messages, another frequent mistake that happens to me,
that would be mitigated a lot by having a text-only version of gaim-otr for
those who cannot use an IM client with GUI in their daily business life :)

So in short, my proposal would be:

If the remote sends us a "finished OTR session with you" we should either
  a) automatically "end private conversation" BUT upon the first would-be
     plaintext message, block and require confirmation of user for unencrypted send, - OR -
  b) change the OTR button to "end private conversation" button.

For b) the user can either:
     b1) click on "end button" - OTR button changes back to default familiar "Not private" button, AND
         optionally requires the user upon first non-private attempt at sending to confirm plaintext msg, - OR -
     b2) not click on "end" button and type - OTR button does not change, but there is no point attempting
         to send unreadable message, so refrain from sending garbage and attempt to init OTR before sending
         message.
     b3) not do anything and receive either:
       x) - OTR request, change button to normal button
       y) - plaintext, see b2)

Does this make sense?

Some of these issues are normally set by the buddy preferences, but we are missing the option to set the
preference per instance of a buddy. e.g. Paul/HOME can be "must OTR", while Paul/WORK could be "may OTR".
In practice, the one preference setting per total buddy doesn't work in practice.

This also assumes that the only reason people click "end OTR session" is because they will reappear
shortly elsewhere without OTR. I don't think there is another reason to do this. Because if I am
talking to Ian via OTR, and Ian leaves for work and ends the session, me telling him anything will just
restart the session and display the OTR protected text on his display anyway. No privacy is gained here.

Paul
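
The proposal above, modelled as a small state machine. This is an added example, not part of the original message and not gaim-otr or libotr code; every type and function name in it is hypothetical. Case b3 y) needs no handler because incoming plaintext leaves the state unchanged, so the next outgoing message is handled as in b2.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model; none of these names come from libotr or gaim-otr. */
typedef enum { NOT_PRIVATE, PRIVATE, REMOTE_FINISHED } conv_state;
typedef enum { SEND_ENCRYPTED, SEND_PLAINTEXT,
               HOLD_FOR_CONFIRM, HOLD_AND_START_OTR } send_action;
typedef enum { OPTION_A, OPTION_B } finish_policy;

typedef struct {
    conv_state state;
    finish_policy policy;
    bool confirm_plaintext; /* peer ended the session; next cleartext needs an OK */
} conv;

/* Peer sent "finished": (a) drop to not-private, (b) show the "end" button. */
void on_remote_finished(conv *c) {
    if (c->state != PRIVATE) return;
    c->confirm_plaintext = true;
    c->state = (c->policy == OPTION_A) ? NOT_PRIVATE : REMOTE_FINISHED;
}

/* b1: user clicks "end private conversation"; the confirmation flag survives. */
void on_end_clicked(conv *c) {
    if (c->state == REMOTE_FINISHED) c->state = NOT_PRIVATE;
}

/* b3 x: a new OTR session came up, so the button is the normal one again. */
void on_otr_established(conv *c) {
    c->state = PRIVATE;
    c->confirm_plaintext = false;
}

/* Outgoing message: cleartext after a peer finish is held until confirmed. */
send_action on_user_send(conv *c, bool user_confirmed) {
    if (c->state == PRIVATE) return SEND_ENCRYPTED;
    if (c->state == REMOTE_FINISHED) return HOLD_AND_START_OTR; /* b2 */
    if (c->confirm_plaintext && !user_confirmed) return HOLD_FOR_CONFIRM;
    c->confirm_plaintext = false;
    return SEND_PLAINTEXT;
}

int main(void) {
    conv c = { PRIVATE, OPTION_A, false };
    on_remote_finished(&c);
    printf("first send after peer finished: %d\n", on_user_send(&c, false));
    printf("after confirmation: %d\n", on_user_send(&c, true));
    return 0;
}
```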



