On Mon, 26 Aug 2013, Jurre van Bergen wrote:
Hi Tomek,
From: Jurre van Bergen <drw...@2600nl.net>
To: otr-dev@lists.cypherpunks.ca
Subject: [OTR-dev] Fwd: OTR integration
FYI
I'm currently working on OTR integration into 3.0.0 tree. I see three
possible solutions for it:
- enabling it by default: otr plugin seems to be well written and
doesn't cause crashes, so it won't be the new source of stability
problems. I just have one concern in mind: it will alter UI a bit, in
a way that vast majority of users won't utilize - it will be a clutter
for them
Is it that much of a change? I think it is good that they see when a
connection is insecure. Especially for inexperienced users.
- to track for "?OTRvxx?" tag (it indicates an OTR packet) in messages
and ask user, if he wants to enable the plugin. It would show up only,
when Pidgin was built with otr support. Also, after the first query,
it would set a hidden pref, so it won't ask the user again. I think
this will cover all use cases, because for incoming messages it will
be easy to set it up. User, who would like to start an outgoing OTR
conversation (for the first time), will be experienced enough to
enable it manually.
The whole design of OTR has been to ensure that one does NOT have to be
an "experienced user". That is the whole reason the world is in such a
sad state of deploying crypto and why the NSA/GCHQ can have so much data
about is.
I prefer the second one, but I would like to see other opinions.
Please keep the status of the OTR security of a connection visible so
people can go from insecure to secure. It is not "clutter". It shows a
deficiency in their conversion - someone is recording it without
consent!
Related, I don't know if the plugin can have precedence/ordering yet,
but currently when one types "/me is accidentally leaking information"
that gets leaked plaintext due to bad interaction between the irc plugin
("/me" is not a valid command, send it out unmodified) and the otr
plugin.
Regards,
Paul
_______________________________________________
OTR-dev mailing list
OTR-dev@lists.cypherpunks.ca
http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
