[Pidgin] #15477: OTR fingerprint entries for Jabber and other XMPP based account types should include the resource
Pidgin
trac at pidgin.im
Wed Jan 23 12:15:28 EST 2013
#15477: OTR fingerprint entries for Jabber and other XMPP based account types should
include the resource
----------------------+--------------------------
Reporter: calestyo | Owner: rekkanoryo
Type: defect | Status: new
Milestone: | Component: unclassified
Version: 2.10.6 | Keywords: otr
----------------------+--------------------------
Hi.
Currently, Pidgin only stores and verifies the user@host part of a JID in
XMPP-based protocols in the ~/.purple/otr.fingerprints file.
E.g.:
foo@example.net bar@example.org/Mobile prpl-jabber adfe384759294857366529497462648590373263 verified
The resource-part is missing (note that it _does_ include the resource-
part on the sending account).
Quite obviously this is both a technical and a security problem:
1) Technical:
It's very likely that when people use different devices, they will also
use different keys, which now is a problem.
2) Security:
It's not really possible to specify which key to expect on which resource.
Cheers,
Chris.
--
Ticket URL: <https://developer.pidgin.im/ticket/15477>
Pidgin <http://pidgin.im>
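
Added example, not part of the original ticket and not Pidgin or pidgin-otr code: a small audit over otr.fingerprints-style lines that lists XMPP contacts stored without a resource that have more than one key, which is the case the report says cannot be tied to a device. It assumes tab-separated fields in the order shown in the ticket; every line except the first fingerprint is constructed sample data, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample. Assumed layout (tab-separated):
# contact, local account, protocol, fingerprint, trust status.
SAMPLE = (
    "foo@example.net\tbar@example.org/Mobile\tprpl-jabber\t"
    "adfe384759294857366529497462648590373263\tverified\n"
    "foo@example.net\tbar@example.org/Mobile\tprpl-jabber\t"
    "0123456789abcdef0123456789abcdef01234567\t\n"
    "baz@example.com\tbar@example.org/Mobile\tprpl-jabber\t"
    "89abcdef0123456789abcdef0123456789abcdef\tverified\n"
)

# Only the protocol id shown in the ticket; other XMPP-based ids would be added here.
XMPP_PROTOCOLS = {"prpl-jabber"}


def split_jid(jid):
    """Split a JID into (bare JID, resource); resource is '' when absent."""
    bare, _, resource = jid.partition("/")
    return bare, resource


def parse_fingerprints(text):
    """Yield one record per well-formed line; blank or short lines are skipped."""
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) < 4:
            continue
        status = fields[4] if len(fields) > 4 else ""
        yield dict(contact=fields[0], account=fields[1], protocol=fields[2],
                   fingerprint=fields[3].lower(), status=status)


def ambiguous_contacts(entries):
    """Map (account, protocol, contact) to its keys when a resource-less
    XMPP contact has several keys, so none can be pinned to one device."""
    keys = defaultdict(list)
    for e in entries:
        if e["protocol"] not in XMPP_PROTOCOLS or split_jid(e["contact"])[1]:
            continue  # not XMPP, or the entry already names a resource
        keys[(e["account"], e["protocol"], e["contact"])].append(
            (e["fingerprint"], e["status"]))
    return {k: v for k, v in keys.items() if len(v) > 1}


if __name__ == "__main__":
    for (account, proto, contact), fps in ambiguous_contacts(parse_fingerprints(SAMPLE)).items():
        print(f"{contact} via {account} ({proto}): {len(fps)} keys, no resource recorded")
        for fp, status in fps:
            print(f"  {fp} {status or 'unverified'}")
```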