On Thu, 14 Mar 2013 07:36:48 -0700 Gregory Maxwell <[email protected]> wrote:
> OTR should be integrated and on by default in software and > opportunistically enabled without request— and it _is_. Without this I > wouldn't be able to use OTR in all my chat conversations because it > would be too hard to nag all the remote parties to install and enable > it, [snip] So on one end of the spectrum, we have people mostly using cleartext conversations, and turning OTR on when they want to have a confidential/private conversation. Those probably want those OTR conversations to be off the logs. On the other end of the spectrum, we have users who, like you, use OTR on every single conversation they have (or close), and thus, under a "no-log-by-default" policy, will end up with no logs at all, even for less "confidential" conversations. Those probably want the opposite: log OTR sessions by default (since that's how most of they everyday conversation happen), and disable logs for those few very sensitive conversations. (or not at all, if they believe encryption is enough of a logging policy --I don't.) Now, realistically, on what end of the spectrum are currently 95% of OTR users around the world? We could have the "hey, I really want to log OTR conversations by default, I know what I'm doing, trust me I'll disable logs when I really need to!" button, but if it's there, there is too much of a risk that most people will enable it without much of a though, without understanding what they are doing or the implications, or even forget they enabled logs for everything ever. Eventually, when OTR is the default everywhere, this button might be more useful or reasonable. (...Unless we educate people to only enable logs for very specific conversations, even if they have encryption. I think this is what people call "defense-in-depth".) What would you all thing of this solution: - By default, no OTR logs are generated. - There is a way to enable logging of an OTR conversation. Logging of later OTR sessions will revert to "OFF" unless the user switches them to ON again. - There is a configuration option permanently allow the systematic logging of OTR sessions, but it has to be enabled manually. - When an OTR session starts and will be logged, a warning is shown to the user, reminding this conversation will be logged and that this is potentially dangerous to both parties. - When an OTR session starts and will *NOT* be logged, a warning is shown to the user, reminding this conversation will not be logged. That way: - Most users won't log by accident unless they specifically asked the OTR implementation to do so. - Users can't forget about a "logging" switch left to "ON" because they will be reminded every time. - Users can't be surprised no logs are being kept because they are warned every time. - Users are reminded that leaving logging ON is dangerous (some might not think about it), everytime they leave logging ON. I won't like implementing the "please log every OTR conversation" setting, but I think that way, *all* concerns expressed here are effectively addressed. Also, this behavior fits every profile in the spectrum. Even a "OTR is widespread and used en-masse" scenario. If we agree on this I'll get to work on implementing exactly this for weechat-otr, maybe try writing little patches for pidgin-otr, and ask jitsi if they would agree on such a policy for their OTR integration. -- Daniel ".koolfy" Faucon Tel: France : (+33)(0)658/993.700 PGP Fingerprint : 485E 7C63 8D29 F737 FEA2 8CD3 EA05 30E6 15BE 9FA5
signature.asc
Description: PGP signature
_______________________________________________ OTR-dev mailing list [email protected] http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
