* Greg Troxel <[email protected]> [2012-12-17 12:01:02 -0500]: > > - When sending a CTCP TYPING, pass it unencrypted since it's probably > directed to bitlbee and won't arrive at the other end. (At least > this applies to irssi and weechat, since they both have scripts to > do the CTCP TYPING messages, I doubt anyone would want to send them > by hand) > > I don't understand. How is an i-am-typing notification really different > From a message in terms of security desires? Or is that thought to > contain no real information not gleanable from the ciphertext?
CTCP TYPING is (to my knowledge) only used in bitlbee, which is (as said) an IRC to IM gateway. So when Alice (using bitlbee) sends a CTCP TYPING to Bob (using XMPP for example) the bitlbee server doesn't send this 1:1 to Bob (since XMPP doesn't know CTCP), but instead sends an XMPP-style typing notification to Bob. It's basically just a hack to have an IRC-way to send typing messages to IM accounts. Maybe this clears it up: (1) .__________. IRC connection ._________. IM connection .---------. |Alice | unencrypted |Bitlbee | |Bob | | |----------------->|Server |----------------->| | |IRC Client| CTCP Bob TYPING |IRC to IM| MSN/ICQ/YIM/XMPP |IM client| '----------' (\001TYPING\001) '---------' typing message '---------' (2) .__________. IRC connection ._________. IM connection .---------. |Alice | OTR encrypted |Bitlbee | |Bob | | |------------------|---------|----------------->| | |IRC Client| CTCP Bob TYPING |IRC to IM| Literal message |IM client| '----------' (\001TYPING\001) '---------' \001TYPING\001 '---------' In case (1), Alice is typing and a script in her IRC client sends a CTCP TYPING to Bob. The Bitlbee server doesn't send this to Bob, but instead a typing message as outlined above. In case (2), the same thing happens, but since the CTCP TYPING is encrypted, Bob gets a message saying \001TYPING\001 via XMPP. I'm not sure if CTCP was a good choice for such a "hack" (not sure what else in the IRC protocol you could [ab]use for something like that though), but OTR breaks it. Florian -- () ascii ribbon campaign - stop html mail www.asciiribbon.org /\ www.the-compiler.org | I love long mails http://email.is-not-s.ms/ I have a very good DENTAL PLAN. Thank you.
pgpM9aIAi3UGe.pgp
Description: PGP signature
_______________________________________________ OTR-dev mailing list [email protected] http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
