On 06/05/15 11:51, Ian Goldberg wrote:
> On Wed, May 06, 2015 at 12:11:53AM +0200, Allan Nordhøy wrote:
>> Change the colours and you have all modes. Red for "not private", Yellow
>> for "unverified" and Green for "authenticated".
>
> Unfortunately, one can't use only a colour change to indicate something
> like this, for the sake of people who cannot see the colours.

I'm not very familiar with OTR, but - a "not private" mode? And two
other modes? Is that wise?

Fifth Principle of Information Security Design: "Modes and choices are
bad in crypto protocols, they give users choices which they are not
qualified to make. It is your job to be clever, not the user's."

Now OTR's clients are probably mostly a bit above the usual luser, but ..

(Hi Ian, long time no see)

-- Peter Fairbrother
_______________________________________________
OTR-dev mailing list
http://lists.cypherpunks.ca/mailman/listinfo/otr-dev