[Standards] Current OTR Info

Chris Ballinger chris at chatsecure.org
Wed Apr 27 20:48:00 UTC 2016


Hey Sam,

We have been thinking about how to properly deal with delivery receipts
when OTR messages fail to get decrypted due to stale sessions. Right now
our delivery receipts are naively sent when the encrypted payload first
arrives, leaving the sender to occasionally receive receipts for messages
that never appear on the other client. There also appears to be a bug in
libotr that erroneously drops the first message received when not in a
session (without emitting an error, because it thinks it was a protocol
message) when receiving a message from someone else with a stale session.

A quick fix would be to only send delivery receipts if the message could be
successfully decrypted. However we could go a step further and also send
back a delivery receipt with an additional attribute indicating that the
message failed to be decrypted, triggering an OTR session refresh and an
automatic resend of the failed message(s)... only if the OTR fingerprint
remains unchanged or is already trusted, of course.

On Tue, Apr 19, 2016 at 9:28 AM, Sam Whited <sam at samwhited.com> wrote:

> Hi all,
>
> It's been a bit since https://xmpp.org/extensions/xep-0364.html was
> published, and I wanted to pick the conversation back up and see if
> there was any feedback that people feel wasn't addressed, or anything
> else that document needs to cover?
>
> I've been considering doing a slight restructure, and then advocating
> that it be pushed forward in the standards process (whatever that
> means for informational documents).
>
> Feedback welcome, otherwise I'll ask the council to stick it on the agenda.
>
> Thanks,
> Sam
>
> --
> Sam Whited
> pub 4096R/54083AE104EA7AD3
> https://blog.samwhited.com
> _______________________________________________
> Standards mailing list
> Info: http://mail.jabber.org/mailman/listinfo/standards
> Unsubscribe: Standards-unsubscribe at xmpp.org
> _______________________________________________
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/standards/attachments/20160427/7e800325/attachment.html>


More information about the Standards mailing list