search

guardianproject / ChatSecureAndroid

This project has ended, but ChatSecure iOS continues. For Android, please use Conversations or Zom instead
https://chatsecure.org/blog/chatsecure-conversations-zom/
Apache License 2.0
1.07k stars 522 forks source link

Asynchronous communication using OTR #420

Open tanjeff opened 10 years ago

tanjeff commented 10 years ago

Problem Since a while, I'm testing XMPP+OTR for mobile messaging together with a friend of mine. Due to Snowden's revelations we want to use OTR in any case, to secure our communication. However, OTR is only possible when both endpoints are online at the same time, which is a big issue for us (often, one of us is temporarily offline). In practice, we switched back to SMS, because XMPP+OTR often don't work. Proposed Solution To circumvent the problem, I propose the following behavior: the sending ChatSecure instance could store the message locally until the receiver becomes online. Then, the message could be sent using OTR. That would mean that messages are sent as soon as both parties are online at the same time. A really asynchronous would not be possible, though, because there is no central party storing the message on behalf of the sender, but it might still improve the user experience. Discussion What do you think?

n8fr8 commented 10 years ago

On 02/24/2014 09:57 AM, tanjeff wrote:

Problem Since a while, I'm testing XMPP+OTR for mobile messaging together with a friend of mine. Due to Snowden's revelations we want to use OTR in any case, to secure our communication. However, OTR is only possible when both endpoints are online at the same time, which is a big issue for us (often, one of us is temporarily offline). In practice, we switched back to SMS, because XMPP+OTR often don't work.

Yes, this is an issue, though some XMPP services do support queuing of offline messages on the server.

http://xmpp.org/extensions/xep-0160.html

for instance, specifies this. I also believe Google's XMPP server does some offline storage.

This still requires that an existing OTR session is still active.

Proposed Solution To circumvent the problem, I propose the following behavior: the sending ChatSecure instance could store the message locally until the receiver becomes online. Then, the message could be sent using OTR. That would mean that messages are sent as soon as both parties are online at the same time. A really asynchronous would not be possible, though, because there is no central party storing the message on behalf of the sender, but it might still improve the user experience. Discussion What do you think?

This is a great idea and something we are working towards. We do have "delivery receipts" already implemented, so we can tell if there any undelivered messages that exist for a user. When we see that user's presence return to online, or receive any other XMPP message from them, we should do our best to resend the queued messages.

Thanks for the feedback!