[otr-users] Pidgin plugin sends and parses HTML

Rüdiger Kuhlmann l-otr.0705+23jv-l at ruediger-kuhlmann.de
Sun May 11 12:30:37 EDT 2008


>--[Jonathan Schleifer]--<js-otrim at webkeks.org>
> Rüdiger Kuhlmann <l-otr.0705+23jv-l at ruediger-kuhlmann.de> wrote:
> > As such, the place
> > for text/plain is supposed to contain encryped text/plain, while
> > the place for text/html is supposed to contain encrypted text/html.
> That's exactly what I thought would be the right way to do it, thanks.
> The problem is that Pidgin puts the HTML inside the XMPP *body*, which
> is wrong, wrong and once again very wrong! It should put plaintext
> there! It *may* use XHTML in the namespace reserved for it, but even if
> it does so, it MUST also send a plain text variant, otherwise it
> violates the RFC and the XHTML XEP!

The excuse that will pop up on the list will be:

| But the encrypted text _is_ plain text and not HTML
| and thus doesn't violate the XMPP RfC!!!111oneeleven!!!

... which is technically true, but totally misses the point why
this is wrong. The only thing ever said about integration says
(from the README distributed with the libOTR source code):

| If newmessage gets set by the call to something non-NULL, then you
| should replace your message with the contents of newmessage, and
| send that instead.

So it says the only change to the data sent out is that the actual
message is replaced by the encrypted one. In particular, it doesn't
say to put the encrypted HTML in place of the text/plain part of
the message, nor does it say anything about having to support HTML
somewhere. I'm still waiting for someone to even try to bring any
argument refusing my conclusion.

Yours, Rüdiger.

-- 
"See, free nations are peaceful nations. Free nations don't attack
 each other. Free nations don't develop weapons of mass destruction."
      - George W. Bush, Milwaukee, Wis., Oct. 3, 2003
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.cypherpunks.ca/pipermail/otr-users/attachments/20080511/a8750cf0/attachment.pgp>


More information about the OTR-users mailing list