-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 21/02/13 18:30, George Kadianakis wrote: > * Is the shutdown phase of OTR the only place where transcript > soundness is guaranteed? By 'transcript soundness', I mean the > guarantee that all participants see the exact same transcript. > What happens, if an 3vil server drops packets in the middle of the > conversation? Do participants learn this only in the end of the > conversation?
A related threat: can a chat participant send different messages to different participants, without this being detected until the transcripts are compared? For example: Alice -> Everyone: Let's make plans for Friday Bob -> Alice: Who wants to get ice cream? Bob -> Carol: Who want to shoot the president? Alice -> Everyone: Ooh, me me me! If an attacker forces the transcript comparison to fail (e.g. by knocking the server offline before the comparison is complete), how should the client communicate the failure to the user? I'm not sure whether someone who's just taken part in a long multi-way conversation will be able to make much use of a warning that says "What you just saw may not be what everyone else saw." Cheers, Michael -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJRJ0/rAAoJEBEET9GfxSfMtOoH/1uO83IWapd4Ks/v4duXpcIZ 0B71d5U51pAtJhkCrvlnpJMAiRy55LY4gKpKtAlASJRH+GYsiOzNyEr6OLDjit0o VQIQOHsra+I2t7Ui7N+VmDb/JRA1H1+s0/Vr6424ZQR/aNcrfqJ3IiPF2ZPCYR/i rvwq6Kgc6mSxScJD+v1pJ+f/4ddfZ8MZMaEC2txSdvDQacSfgq1/19Ph6TcrzwLX cpsNBtVq2MyohhEg+VuOE35YpZBmWTaviLFp2JTIT+je9SSZRq16bIcWHvcFZXAq BVRrWrQ6xGBWWvz8CVk1XZ/REQDnrKz+w1ijL0NwTFMeS6JuVtwKpi9JoaxSKuk= =MjnR -----END PGP SIGNATURE----- _______________________________________________ OTR-dev mailing list [email protected] http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
