Fix client profile's serialization and deserialization

otrv4 / libotr-ng

A new implementation of OTR with support for version 4. This is a mirror of https://bugs.otr.im/otrv4/libotr-ng

Other

43 stars 9 forks source link

Fix client profile's serialization and deserialization #108

Closed juniorz closed 6 years ago

juniorz commented 6 years ago

Why

What is currently implemented does not match the spec.

Reference

otrv4/otrv4#138

Tasks

[x] Implement serialization
[x] Implement deserialization
[x] Correctly serialize the expiration date
[x] Remove the id, as well as in the prekey server.
[x] ~Add OTRv3 DSA key.~ (see #124)

juniorz commented 6 years ago

We noticed part of this story is about removing the ID from the client profile, so we might also need to:

[ ] Remove ID from prekey profile.
[ ] Remove both profile IDs from the non-interactive auth message.

But I am also confused about how the receiver of a Non-Interactive-Auth Message will be able to verify it when they has more than one active prekey profile at the same time?

Which profile should be used to generate the parameter t?

juniorz commented 6 years ago

We have decided the user is expected to try all their valid profiles to validate a non-interactive auth message when multiple options are available.