[OTR-users] messages sent in Finished state get lost
Mansour Moufid
mansourmoufid at gmail.com
Tue Nov 16 19:21:29 EST 2010
On Tue, Nov 16, 2010 at 6:20 PM, Tom Metro <tmetro+otr-users at gmail.com> wrote:
> I'm using OTR 3.2.0 with Pidgin 2.6.6 on Linux. I see the documentation
> says:
>
> Finished
>
> Alice was talking to Bob using OTR, but Bob has decided to stop using
> it. In this level, Alice is prevented from accidentally sending a
> private message without protection, by preventing her from sending any
> further messages to Bob at all. She must explicitly either end her
> side of the private conversation, or else start a new one.
>
> That makes sense, except there seems to be one significant flaw in the
> implementation. When you are in the Finished state and you do try and
> send something, you get back:
>
> Your message was not sent. Either end your private conversation, or
> restart it.
>
> and your message goes into a black hole. It isn't logged. It doesn't
> stay in the input box. It just disappears without a trace.

Messages are "logged" by Pidgin in the sense that Ctrl+Up/Down will
scroll through the messages you've previously typed (sent or not). So
perhaps: simply wait for the other end to log on again, then Ctrl+Up,
Enter?

[By the way, I don't think Pidgin protects these from being written to
swap?.. not to mention
<philosecurity.org/pubs/davidoff-clearmem-linux.pdf>.]

> At minimum, if the message can't be sent due to the security state, OTR
> should leave the message in the input box and display a dialog warning
> the user why the message can't be sent.

Pidgin behaves exactly like this for XMPP ("XMPP message error" pop-up
window with Code 503 and the original message in a text box). I don't
know about other protocols.

--
Mansour Moufid