[OTR-users] Request: Pidgin plugin should request refresh if other user offline

Ian Goldberg ian at cypherpunks.ca
Sun Apr 25 20:06:58 EDT 2010


On Sun, Apr 25, 2010 at 12:30:32PM +0200, Matthias Andree wrote:
> > 2, his pidgin is supposed to send messages to all of his OTR
> > conversations informing the other side that he's disconnected.  That's
> > when Alice should see the "Bob has terminated his OTR conversation; you
> > should do the same" message, and Alice's side switches to Finished.
> 
> That part works.
> 
> > Now if Bob *crashes* in step 2, I agree that the offline-stored message
> > Alice sends in step 3 won't be readable by Bob if Bob has discarded his
> > session.  That's the intended behaviour.
> 
> It may be the intended behavior with the protocol, but assume Alice is
> really Aunt Tille, holds no MSc in Computer Science, and cannot be
> bothered to remember that there is a difference between Bob finishing
> the conversation and Bob logging off.
> 
> Can the OTR plugin notice that the chat partner has gone offline? If so,
> that should also "Finish" the OTR conversation, or, if that is not
> desireable, it should at least happen if Alice goes idle. Renegotiating
> the keys after Alice went shopping for two hours would not hurt, would
> it?
> 
> I understand that we do not want to send unencrypted messages in such
> cases without warning. But "mandatory OTR" might allow us to at least
> make sending messages impossible if Bob is offline.  Whether Bob cannot
> decode or Alice cannot send, I'd clearly prefer the latter case.

The trouble is that some people go offline, but keep their pidgin
running, and so keep their session keys.  They *want* their messages to
remain readable when they get back online.  So we implemented the "if
you quit your pidgin, the OTR session will close; if you just go
offline, it won't" mechanism.

Personally, I'd prefer if IM networks didn't let you send messages to
offline parties, since they're not "instant"; that's what email is for.
But my personal preferences are neither here nor there.  ;-)

The way it is now, Bob ends up receiving a message from Alice he cannot
read -- and is informed of that fact; he could try to contact Alice to
find out what it was.  If Alice was unable to send the message, Bob
wouldn't even know that she tried.  Which is better?  I don't think it's
100% either way.

   - Ian



More information about the OTR-users mailing list