Michael Rogers: > On 21/02/13 18:30, George Kadianakis wrote: >> * Is the shutdown phase of OTR the only place where transcript >> soundness is guaranteed? By 'transcript soundness', I mean the >> guarantee that all participants see the exact same transcript. >> What happens, if an 3vil server drops packets in the middle of the >> conversation? Do participants learn this only in the end of the >> conversation? > > A related threat: can a chat participant send different messages to > different participants, without this being detected until the > transcripts are compared? For example: > > Alice -> Everyone: Let's make plans for Friday > Bob -> Alice: Who wants to get ice cream? > Bob -> Carol: Who want to shoot the president? > Alice -> Everyone: Ooh, me me me! > > If an attacker forces the transcript comparison to fail (e.g. by > knocking the server offline before the comparison is complete), how > should the client communicate the failure to the user? I'm not sure > whether someone who's just taken part in a long multi-way conversation > will be able to make much use of a warning that says "What you just > saw may not be what everyone else saw." >
This is possible with some multi-party chat systems today. I've pointed it out to the relevant developers, some a few years ago - few actually solved the problem in a strong way, if at all. All the best, Jacob _______________________________________________ OTR-dev mailing list [email protected] http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
