[OTR-users] AIM and shadow accounts

Ian Goldberg ian at cypherpunks.ca
Tue Nov 3 15:23:11 EST 2009


On Mon, Nov 02, 2009 at 10:12:08AM -0400, Gregory Maxwell wrote:
> On Mon, Nov 2, 2009 at 8:18 AM, Ian Goldberg <ian at cypherpunks.ca> wrote:
> > On Thu, Oct 29, 2009 at 12:56:55PM -0400, Paul Wouters wrote:
> >> On Wed, 21 Oct 2009, Gregory Maxwell wrote:
> >>
> >>> As most OTR users on AIM know: If you log in from multiple places and
> >>> talk to another OTR user you'll end up in an "OTR war" with the remote
> >>> client that you can't hear.
> >>
> >> There is prerelease code you can grab from ftp.xelerance.com that have
> >> incorporated the fixes for this. I've been running it for over a month
> >> now.
> >
> > Note that this prerelease code will *not* be compatible with the
> > eventual release!
> >
> > *DO NOT* distribute this code beyond simple testing purposes, or we'll
> > have a problem when the release occurs...
> 
> I think it would be interesting and productive to hear a description
> of how the functionality is expected to work. (I could go grok it out
> from that code, but if it won't be the same…)

At a very high level, it adds "instance" tags to each message, which
perform roughly the same role as XMPP's resources, but for networks that
don't support such a concept.  Each client occasionally picks a random
instance tag for each of its accounts, and attaches that as the source
instance to all outgoing messages.  Replies (say in the key exchange
part of the protocol) include that value in the destination instance
field.  In general, you add a destination instance to a message if the
message will only make sense to a particular client who has chosen some
particular short-lived secret key.  Other clients should ignore the
message or (optionally) let the user know that there are messages being
directed to some other instance of himself.

Note that this requires a change to the wire protocol, and so a rev of
the wire protocol version to OTRv3.  There will be other changes in
OTRv3 as well (may as well do them all at the same time), which is why
the code in Paul's ftp will be incompatible with the wire protocol that
eventually gets released as OTRv3.

We have to be very careful to account for situations where one user is
logged in multiple times, some of which speak v3, and some of which
don't.  Paul says he's discovered bugs remaining in instances like
those, so closer examination is in order.

   - Ian



More information about the OTR-users mailing list