[OTR-users] Pretty-please standardize OTR signature storage, per OS.
subharo at hushmail.com
subharo at hushmail.com
Thu Oct 3 09:28:24 EDT 2013
Hello again, Ian,
On Tue, 01 Oct 2013 18:12:06 -0400 "Ian Goldberg"
<ian at cypherpunks.ca> wrote:
>There is an OTR spec; it's on the website.
>(http://otr.cypherpunks.ca/Protocol-v3-4.0.0.html)
Thanks for pointing that out. I skimmed the spec, but couldn't
find the place that specifies that a given IM client should, or
even MUST gracefully simultaneously handle multiple OTR
fingerprints for a given IM contact (as generated by that IM
contact's use of multiple IM clients, all using the same IM
account).
Coould you please reply back with a link pointing to a place that
specifies this (or maybe the name of what section of the spec
contains this, or even a quotation from the spec)? Then whoever
approaches the Jitsi people has some hard evidence to back up the
claim that the Jitsi people have made this mistake in their OTR
implementation.
If this is not currently in the spec, then should the spec be
amended? It seems to me that addressing storage of OTR
fingerprints *needs* to be formalized in one way or another, even
if it's just to say something like:
"multiple OTR fingerprints for a given contact are OK, and all IM
clients supporting OTR must gracefully simultaneously handle
multiple OTR fingerprints for a given IM contact (as generated by
that IM contact's use of multiple IM clients, all using the same IM
account)"
Note: The Jitsi people expect that potential bugs will be discussed
on their Jitsi users mailing list FIRST, BEFORE a bug report is
created:
https://jitsi.org/index.php/Development/MailingLists
Cheers,
Subharo
More information about the OTR-users
mailing list