We should recommend how to handle delayed messages in this situations:

• Starting an online conversation after an offline one
• Starting an offline conversation after an online one
• Receiving a new Indetity message in ENCRYPTED_MESSAGES state.

We should also clarify how long the skipped_MKenc live in this situations.

See otrv4/otrv4#195 and otrv4/otrv4#215 for reference.

See:

otrv4/pidgin-otrng#103

For this, this will help:

There is a callback that is made immediately before a message is encrypted and immediately after a message is decrypted. This callback can tweak the plaintext message as needed. For example, this could allow an application to convert formatting on a message if this would normally be done on the plaintext by some other entity while the message is in transit.

In previous OTR versions, receiving a disconnected TLV would put the
state machine into a "FINISHED" state. A client in this state would
refuse to send new messages from the user until the user explicitly
indicated that they understood the conversation was over.

The rationale was to prevent the following scenario:

• Alice's client sends a disconnected TLV to Bob's client
• Bob types a secret message into his client's textbox and begins to move his hand toward the "send" button
• Bob's client receives the disconnected TLV and enters an "unencrypted" state
• Bob presses the "send" button
• Bob's client sends an unencrypted message that Bob intended to be sent securely

Previous OTR clients handled this situation by refusing to send Bob's message until he indicated that he understood the encrypted conversation was over, and then re-sent the message (or not). There are other UX choices that can be made here, but they must prevent this accidental leakage scenario.

Some networks allow receiving historic conversation content. Such message dumps may include a (in)complete OTR transcript, from query tag to end-of-session. In case a client is aware that this concerns historic chat messages, we may want to advise skipping processing of these messages altogether - or special treatment.

For example, IRCv3's chat history extension describes how one could receive a batch that is a complete conversation. XMPP seems to have something similar, although I'm not fully aware of XMPP features.

Consider the following issues:

• processing historic messages will result in failing OTR sessions, hence not desirable.
• not processing messages at all, will result in OTR-encoded "message spam" in the client chat window.

Define that every time that a long-term public key changes, a verification has to happen.

It may be useful to make a distinction between the data that is significant as part of the ClientProfile and the data that is important for the signed profile "payload". Most fields are relevant to the profile, but it seems to me that the Client Profile Expiration is only really useful for the signed payload.

When handling data in the client, one can internally manage the data without the expiration date and only when a (renewed) signed profile is required do we need to add a timestamp that we can determine at that time.

Remember also that if there is the policy 'error_start_dake' you will have to send a TLV disconnected and a query message to actually start the DAKE.