OTR and general security stuff

Ian Goldberg iang at cs.uwaterloo.ca
Fri Feb 15 08:22:27 EST 2013


On Fri, Feb 15, 2013 at 02:13:14PM +0100, azrdev wrote:
> 2013/2/13 Ethan Blanton <elb at pidgin.im>:
> >    developer).  This makes me somewhat nervous about "blessing" the
> >    OTR plugin; in particular, there have been a few long-standing and
> >    unaddressed bugs (not that I can think of what they are at the
> >    moment, but I'm sure someone can) that have plagued Pidgin users
> >    for years, and we've had no avenue of contact and seen no support
> >    on that front.
> >
> 
> To give an example: https://developer.pidgin.im/ticket/15477
> Having OTR ignore XMPP /resources makes it really annoying to use with
> two or more simultaneous logins.

If I remember correctly, pidgin-otr uses the "canonical" name of the
account.  This is so that case- and space- and dot- (in)sensitivity
on any particular IM netowrk don't matter.

I don't see the problem, though.  You'll just end up with two keys for a
particular account (if the user indeed has separate keys, and didn't
just copy the key file over), which is totally fine.

In any event, this should be on otr-dev, not devel at pidgin.im or
tor-assistants.

   - Ian




More information about the Devel mailing list