[jitsi-users] Otr fails if multiple endpoints are used


#1

Hello,

Jitsi is for me still unable to handle OTR and multiple endpoints. The menu
"Secure Chat" in the chat window shows me 4 endpoints for one of my
contacts. With the first, OTR went smoothly and we verified this device.
Then he tried a connection from the 2nd device. And the mess starts.

1. I could not establish an OTR channel to any of the 4 devices
2. I could not establish an OTR channel after restarting Jitsi to any of the
4 devices
3. If I click on the lock icon it changes to "in progress" and sends the
start text, but OTR fails:

xx@xx.dyndns.org/nexus 7 ist an mehreren Geräten angemeldet und OTR hat
mehrere Verbindungen erstellt. Sie können eine der Verbindungen aus dem
Menu auswählen.
Privates Gespräch mit xx@xx.dyndns.org/nexus 7 abgebrochen.

4. If my contact starts OTR I can see the OTR stuff and encrypted content in
Gmail, but my text is sent in plain! At least the lock icon stays as "plain
text", but there should be no half-encrypted channel
5. If my contact starts OTR from the second device and it works, then my
input window is not drawn to this connection, so this could explain 4, as
the link to the first device is still unencrypted (but incoming messages
draw the input field to this connection)

6. If somehow another device in the list of 4 gets OTR set up I cannot
tell which endpoint it sends to. Ooooh, I have found the UI element, it's
well hidden with this small arrow. And second to that: what happens if
there is only one OTR channel and 2 logged-in devices, and this little icon
stands on "send to all"? Does Jitsi then send to both devices and render OTR
useless in the first place? Later: It sends happily in plain to all! OK,
the chat window then tells it's unencrypted …

7. If I get this message: xx@xx.dyndns.org/nexus 7 ist an mehreren Geräten
angemeldet und OTR hat mehrere Verbindungen erstellt. Sie können eine der
Verbindungen aus dem Menu auswählen.
I can cycle through all connections with the small icon and none! changes
the lock icon to "encrypted" although the message states the opposite.

jitsi v2.5.5371

It's a rather long rant, but I want to use OTR with anyone, also with my
tech-friendly contacts with multiple devices.

OK, after a long fiddle I have multiple OTR channels, but the user
experience was really bad; not-so-tech-savvy friends would have given up 30
minutes ago, and the clear attribution to which endpoint I will send is
missing. It's hidden in a popup on this small, not noteworthy icon which just
tells you if it is an ICQ or Gmail or some other contact.

Regards
  Carsten


#2

Looks highly similar to my posting on 29th Dec 2014 (sent to developers
mailing list), nobody replied so far

On 1/9/15 1:42 AM, singu.b@gmail.com wrote:

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users


#3

Hi all,

We - at least I - did notice your emails. I'm aware of this and I can't
imagine that I'm the only one.
I'm willing to have a look at this, but I'm trying to finish up some
other stuff. Too much to do, too little time :)

What protocols are you using? I don't think I can make this out from the
description below. I see you referring to the ICQ icon, and to Gmail,
so I assume you're using a Google Talk account, at least. (And maybe
tried ICQ too?)

The tricky thing here is that XMPP supports multiple simultaneous
receivers and OTR supports multiple sessions. I suspect that that is what
makes it unclear what the actual state is. (XMPP sessions x OTR
sessions)

Also note, that there is a known issue w.r.t. the padlock icon. It may
not always show the correct session state even though the underlying OTR
implementation is in the correct state. (So yeah, the padlock can
unfortunately show as open - plain text, instead of closed - encrypted,
even though OTR is encrypted.) We're aware of this, but it isn't
resolved yet.

It would especially be useful to have a reproduction recipe to produce
your issues. The easier it is to reproduce it, the faster one can look
at your specific problem. Even if to only distinguish bugs from the
known issue described above.

Kind regards,
Danny



#4

> What protocols are you using?

This was XMPP over Google Talk.

> It would especially be useful to have a reproduction recipe to produce
> your issues.

One problem is that starting an encrypted chat does not draw the input box
from default "send to all" to the connection which has the encryption set
up. Only receiving messages draws the box to the origin of the message. It
should be the other way around. Prefer encrypted send if there is an OTR
connection and show a warning (xyz sent you a clear text message from
_device_ but you have OTR set up to _device_) but don't move the send
target of the input box if an unencrypted message is received from
another connection.

Second problem is that I have to look either in the menu "secure chat" or
cycle through all connections in the little icon to see which connection is
really encrypted.

Third problem is that Jitsi does not write any OTR status message in the
chat window if the input box is set to the default "send to all" (which is
not even named as such).

And yes, there are really bugs with the state of this lock icon, easy to
trigger by setting up and then re-establishing the OTR channel a few times.

Kind regards
  Carsten
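
The send-target policy proposed in this message, modelled as a small state machine. This is an added example, not code from Jitsi or from the posters; the class and method names and the resource name `laptop` are hypothetical, and choosing the alphabetically first encrypted resource when several exist is an assumption.

```python
from dataclasses import dataclass, field
from typing import Optional

ENCRYPTED, PLAINTEXT = "encrypted", "plaintext"
SEND_TO_ALL = None  # hypothetical marker for the default "send to all" target


@dataclass
class Chat:
    """Per-contact chat state: one OTR session state per XMPP resource."""
    sessions: dict                          # resource -> ENCRYPTED | PLAINTEXT
    target: Optional[str] = SEND_TO_ALL     # resource the input box sends to
    warnings: list = field(default_factory=list)

    def encrypted_resources(self):
        return sorted(r for r, s in self.sessions.items() if s == ENCRYPTED)

    def on_otr_established(self, resource):
        # Setting up OTR draws the input box to the encrypted connection.
        self.sessions[resource] = ENCRYPTED
        self.target = resource

    def on_incoming(self, resource, encrypted):
        secure = self.encrypted_resources()
        if encrypted:
            self.sessions[resource] = ENCRYPTED
            self.target = resource
        elif secure:
            # Plaintext while OTR exists: warn, but keep the send target.
            self.warnings.append(
                f"clear text message from {resource}, "
                f"but OTR is set up to {', '.join(secure)}")
        else:
            self.target = resource

    def route(self):
        """Return (resources to send to, True if the message goes out via OTR)."""
        secure = self.encrypted_resources()
        if self.target in secure:
            return [self.target], True
        if secure:
            # Never fall back to plaintext "send to all" while OTR exists.
            self.target = secure[0]  # assumption: first encrypted resource
            return [self.target], True
        if self.target is SEND_TO_ALL:
            return sorted(self.sessions), False
        return [self.target], False
```
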


#5

Hi,

Thanks for these. Additional feedback below.

>> What protocols are you using?
> This was XMPP over Google Talk.
>
>> It would especially be useful to have a reproduction recipe to
>> produce your issues.
> One problem is that starting an encrypted chat does not draw the
> input box from default "send to all" to the connection which has the
> encryption set up. Only receiving messages draws the box to the origin
> of the message. It should be the other way around. Prefer encrypted
> send if there is an OTR connection and show a warning (xyz sent you a
> clear text message from _device_ but you have OTR set up to _device_)
> but don't move the send target of the input box if an unencrypted
> message is received from another connection.

I believe that there are a number of options for that. The OTR plugin
does signal for a warning if a clear text message is sent while a secure
session is established. Furthermore, there are a number of options to
enforce an OTR session. Have you looked at these? Did they not work for you?

> Second problem is that I have to look either in the menu "secure chat"
> or cycle through all connections in the little icon to see which connection
> is really encrypted.

Right, good point to check.

> Third problem is that Jitsi does not write any OTR status message in
> the chat window if the input box is set to the default "send to all"
> (which is not even named as such).
>
> And yes, there are really bugs with the state of this lock icon, easy
> to trigger by setting up and then re-establishing the OTR channel a few times.

Okay, so this is confirmed.

Danny

On 11-01-15 21:02, singub+all@gmail.com wrote:

Kind regards
  Carsten