samd wrote:sphynx wrote:I've tested this with someone and inspected what was sent and received, and that first message is indeed encrypted. I realize it looks misleading, but that's because we immediately display what you send (without waiting for it to have actually been sent), but an OTR session takes a couple of messages back and forth to initiate, so it takes slightly longer to know the OTR session started successfully (and the message is not actually sent before this is done).
I hope this clears things up for you.
Thanks for the reply! Yeah it clears things up, but just to make it more clear: You're using the word "message" in two different meanings above, right? When you say "takes a couple of messages back and forth to initiate", that's some other kind of a message, right?
Also, what tool did you use to analyze what data was sent and received?
Not
exactly, but that how it appears. OTR is made in a way to be completely agnostic of the underlying protocol. When you invite someone to an OTR conversation, what actually happens is that Adium sends a message with something like "OTR: Contactname has invited you to an OTR conversation, but you do not have a plugin for this." You do not see that message that you sent, and if the other end does have support for it, it will intercept this message an reply something to continue the initiation (which will also be hidden from you).
So what I meant to say is: your own, manually typed message, will not be sent until OTR has exchanged some messages for you.
I verified this by opening Adium's debug window (
http://trac.adium.im/wiki/CurrentAdiumDebug), which shows everything that is sent for Jabber connections, and starting a conversation with someone while having "Force OTR encryption" on. There were no messages exchanged in plain text (except the invitation message from OTR I just mentioned, of course).
