New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

interop: do sth with instance tags in dh_commit #10

Closed
hannesm opened this Issue Jul 17, 2016 · 1 comment

Comments

1 participant
@hannesm
Owner

hannesm commented Jul 17, 2016

as I read the specification (https://otr.cypherpunks.ca/Protocol-v3-4.0.0.html), there can never be a valid receiver instance tag (>= 0x100) in the dh commit message. But some instance messaging clients (in this case coy.im) send some valid instance tag (and they seem to save instance tags in their configuration for whatever reason coyim/coyim#83)...
in short, the sympton is an assertion failure (in builder.ml header, line 36) because ake.ml check_version_instances (third case, Some _ from them, None from us) does not put any instances into the ctx, thus the builder tries to build a v3 header and can't find instance tags.

question which rise: is there harm in not checking any instance tags during dh commit, and just use those we got? (if the other side controls the tags, does it do any harm?) how does the other side react if we decide to choose another one (or send back an error)?

@hannesm

This comment has been minimized.

Owner

hannesm commented Jul 17, 2016

closing, workaround is in our code... further investigation should be done at some point, but I don't see any security loss from using the other instance tag...

@hannesm hannesm closed this Jul 17, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment