Hi! I am glad to see OTR development (visibly) moving foward again! :)
From a quick look at commit logs in libotr repository, I have not been able to figure out if the future version 4.0 is still vulnerable to the "Version rollback" attack that was described in the paper "Finite-State Security Analysis of OTR Version 2" [1] by Joseph Bonneau and Andrew Morrison. [1] http://www.jbonneau.com/OTR_analysis.pdf Has this been fixed already? And if it has not, would it be hard to prevent two clients to switch back to an earlier version of the protocol? Thanks, -- Ague
pgpERjweiy45s.pgp
Description: PGP signature
_______________________________________________ OTR-dev mailing list [email protected] http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
