Feature request: REQUIRE_AUTHENTICATION

[cfcs]

Hi, I'd like a feature to make jackline not send messages to unauthenticated users.

When starting a new conversation with a person, with the REQUIRE_ENCRYPTION setting toggled, jackline will automatically start an OTR session and "resend" my message.

If I have configured a verified fingerprint in a previous session, jackline will proceed to print POSSIBLE BREAKIN ATTEMPT! and send my message to the person using this unknown OTR key. :-(

This raises the question if there should be a bypass command, or if jackline should at least print the instructions to (temporarily? disable the option for the contact (temporarily, meaning tied to this OTR session) would be nice, since the user might use it to inquire "who the hell are you?" and forget about it, rendering them susceptible to impersonation attacks in future sessions.

[hannesm]

I cannot reproduce your described behaviour. when encryption is required and a message "foo" is to be sent while there's no encrypted channel, an encrypted channel is established. "foo" is discarded, you have to manually resend it. The code in question is https://github.com/hannesm/ocaml-otr/blob/master/src/otr.ml#L200-L204

Nevertheless, a require authentication sounds like a useful policy. it can't be implemented only in the otr library unfortunately (since this doesn't know anything about authenticated keys).

[cfcs]

I envision something that prefixes received messages with FROM UNVERIFIED OTR KEY in red, and where jackline would print REQUIRE_VERIFICATION policy prevents sending message to unverified contact: %S when you try to send a message, and where the first of these in a session also prints the instructions to temporarily whitelist the key, and references the commands used to control verification status.

[hannesm]

@cfcs could you please clarify your initial statement automatically start an OTR session and "resend" my message? IMHO this is wrong and was never the case.

The policies are atm completely handled by the OTR library, I'm hesitant to implement parts in jackline only. The other approach is to add the trust information into the OTR library, which may be viable.

[cfcs]

@hannesm Yes, sorry: The behavior I observe is that I type "hello!" when a contact comes online, and then I get a warning that there's no OTR context, after which an OTR session is started, and the message is resent. Maybe this is because I'm using an older build of jackline?

I think there's also a potential race here where - I establish a verified session - then the attacker drops the authentic peer and substitutes its own client - establishes an unverified session - and at the same time I finish typing my long response, which will now be sent to the unverified session (despite me starting to type it out within the verified session).

Anyway, I think an option called REQUIRE_VERIFICATION (to use the existing terminology of (un)verified keys, and not confuse it with TLS auth) would be a nice addition regardless, and it would solve my perceived problem. :-)