Automatically intialize an OTR Session when starting to type in an online contacts' buffer

[sternenseemann]

This would prevent the "unencrypted first message"

[Profpatsch]

Simply init when the user hits enter (don’t send anything before when the connection is not intitialized).

[hannesm]

I'm against behaviour of sending anything to a contact unless enter is pressed.

@Profpatsch the behaviour you suggest is exactly the one if REQUIRE_ENCRYPTION is enabled (either config.sexp contains (policies (REQUIRE_ENCRYPTION)) or /otrpolicy on the account has +REQUIRE_ENCRYPTION (you can set user-specific policies with /otrpolicy +-[policy])

@lukasepple I usually enable REQUIRE_ENCRYPTION globally and then blacklist contacts who don't have OTR by /otrpolicy -REQUIRE_ENCRYPTION when that user is active.

[sternenseemann]

I see.

[Profpatsch]

It’s still broken if your policy is: “Use encryption if the other client supports OTR”.

[hannesm]

@Profpatsch in the OTR world, you can decide between opportunistic encryption (and send the first message in cleartext, the OTR whitespace tag is appended) or to require encryption (either by policy or manually /otr start). if you want to use encryption when the other side also supports OTR, you'll have to manually write an empty / useless message initially: if jackline would send an empty message with whitespace tag to everybody whenever I start typing, this would be rather annoying for accounts not using OTR (who then get spammed by lots of whitespaces).

I do not see a programmatic way of expressing your requested policy (in the XMPP + OTR environment)... if you could explain how it should work, considering the other side to be a) OTR speaking b) not OTR speaking, please tell.

[Profpatsch]

Is there a way to find out if the other side supports OTR?

In that case you initialize the session when the user hits enter on the first message, then send the encrypted message.

If there is no check, the other side has to endure one empty message, tough luck.

[hannesm]

there is no way to find out, apart from hoping that the other side responds to the whitespace sequence with an initial OTR message... (or answers to an OTR query)

[Profpatsch]

Don’t see why sending a non-OTR peer one whitespace message is a bad thing.

[hannesm]

In my mind there are several questions:

• what does 'one whitespace message' mean? once in a lifetime (would need to track whether this contact already got such a message)? once per session?
• people not using OTR will be annoyed by whitespace tags (you don't believe in this, but friends told me that they're annoyed by the whitespaces..(
• my intuition is a program should not proactively send data if the user didn't request that
• when should this whitespace message be sent? ("during typing" sounds good, but I actually don't keep track of typing (happens in https://github.com/hannesm/jackline/blob/master/cli/cli_client.ml#L863)) -- once a message is typed and enter pressed, it's already supposed to be sent...
• and: from a security perspective what is your threat model? I have either messages which I don't want to communicate over an unencrypted channel, and thus manually start otr or start with a useless hi (or have the otrpolicy to include require_encryption); or public messages, which I do not care about being public or not (in which case having an opportunistic whitespace tag in the first message is fine for me)

[Profpatsch]

once per session?

Once per non-existing OTR connection.

when should this whitespace message be sent?

When the user wants to send the first message, obviously.

it's already supposed to be sent

I don’t know how you want to achieve that, but imo the semantics are more along the lines of “I want the message to be sent after I press enter”

I have either messages which I don't want to communicate over an unencrypted channel

That’s 1980s thinking. As a user I have absolutely no message I want to send in the clear if it’s in any way possible, except I manually, actively specify that it should be sent in the clear. I thought that was commonly agreed on by now.

Maybe the problem is that require_encryption is not the default.

It looks to me like there is a big deficiency in the design of OTR.

[hannesm]

it seems to me that you want the behaviour of enabled the policy to require encryption. This is asked by the interactive configuration, and suggested to be enabled by jackline.

Furthermore, I disagree with there is a big deficiency in the design of OTR. They managed to design a sensible system which is agnostic of the underlying communication protocol; do feature negotiation inside of OTR (XMPP feature negotiation seems to be not implemented by many clients anyways); and got it widely deployed.

[Profpatsch]

I’m just highly irritated about first messages always arriving in plaintext, first in Pidgin and now from people using Jackline. Gajim gets this right.

But I probably have to blame @lukasepple for that, since he deactivated the sane default. :)