[prev in list] [next in list] [prev in thread] [next in thread]
List: kopete-devel
Subject: Re: [kopete-devel] Enable OTR plugin by default?
From: Michael Zanetti <michael_zanetti () gmx ! net>
Date: 2009-09-27 21:42:55
Message-ID: 200909272343.00351.michael_zanetti () gmx ! net
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
On Sunday 27 September 2009 22:17:34 Benson Tsai wrote:
> > - If the other end terminates the encrypted session the local user needs
> > to end or refresh the session manually (2 clicks) before he is able to
> > send messages to that user again.
>
> I think this is pretty bad, is there any reason why the user needs to
> end/refresh the session manually aside from it being not implemented
> as an automated thing?
Ending a session automatically would result in a security risk. Immagine you
are chatting to someone in an encrypted session and write some private content
which you do not want to be sent in clear-text over the network. If the other
end terminates the encrypted session just before you are hitting enter your
text would be sent out unencrypted over the network. That means you are no
longer in full control over the encryption status of the messages.
Automatically ending encrypted sessions is not intended by the OTR protocol
specification and I strongly advice to not change that.
["signature.asc" (application/pgp-signature)]
_______________________________________________
kopete-devel mailing list
kopete-devel@kde.org
https://mail.kde.org/mailman/listinfo/kopete-devel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic