OMEMO+OTR is not a good default

ChatSecure / ChatSecure-iOS

ChatSecure is a free and open source encrypted chat client for iOS that supports OTR and OMEMO encryption over XMPP.

https://chatsecure.org

Other

3.13k stars 1.03k forks source link

OMEMO+OTR is not a good default #663

Open inducer opened 7 years ago

inducer commented 7 years ago

Consider the following scenario:

Alice uses ChatSecure on iOS. Her client defaults to OMEMO+OTR.
She is able to successfully chat with Bob who is using Conversations
Bob's desktop computer, using Gajim, receives message carbons. After exchanging precisely one message with Alice, he can no longer send messages to Alice, because he needs to "trust her fingerprint' before sending (but that fingerprint is nowhere in the UI to be found)
Alice's messages also don't reach Bob's desktop computer, presumably because of OTR's single-recipient nature.

I suspect that at least the last problem would be better without OTR. As for the second-to-last one, I'm not sure.

chrisballinger commented 7 years ago

The default is set that way so users wouldn't lose media messaging functionality, which requires OTRDATA. Once we implement OMEMO file sharing we will probably remove the "OMEMO & OTR" mode.

inducer commented 7 years ago

Ah, thanks for explaining. And thank you for putting tons of work into ChatSecure.

gelft commented 7 years ago

nowhere in the UI to be found

Oh really?

look there it is i found it and you can too now

plugins menu for omemo

inducer commented 7 years ago

@gelft Thanks for the hint. Clicked that, was empty.

HummusSamurai commented 7 years ago

Yes, the fingerprint menu is empty on Gajim when checking for ChatSecure contacts.

OMEMO+OTR is massively bugged in Gajim+ChatSecure and I have not been able to get it working at all.

Everything works peachy after disabling OTR on both.

I suggest removing the OMEMO+OTR mode even before the media messaging is added to the OMEMO setting, simply for users' convenience and peace of mind. It was certainly a nightmare.

NicoHood commented 7 years ago

I am using dino and also pidgin on my linux desktop to communicate with someone on IOs using chatsecure. Both clients are unable to find his public omemo fingerprint. So this results in unencrypted messages from my side but encrypted messages from his site. Any idea how to fix it?

chrisballinger commented 7 years ago

If you receive an OMEMO message from someone, that is enough information to start a session and reply. Seems like something that should be fixed in Dino?

On Sun, May 14, 2017 at 10:26 AM, Nico notifications@github.com wrote:

I am using dino and also pidgin on my linux desktop to communicate with someone on IOs using chatsecure. Both clients are unable to find his public omemo fingerprint. So this results in unencrypted messages from my side but encrypted messages from his site. Any idea how to fix it?

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/ChatSecure/ChatSecure-iOS/issues/663#issuecomment-301327028, or mute the thread https://github.com/notifications/unsubscribe-auth/AAfqH3QIKOakJm4Rb3CenMseU17mWZ-sks5r5zlSgaJpZM4Lr2jd .

NicoHood commented 7 years ago

@chrisballinger I don't know, it always worked before. At least when I opened pidgin it worked and I could authorize the other side. But it seems to not work this time, and I have no idea why. The other side is using OMEMO only. You can try to contact me with your client.