Off the Record messaging protocol has a intrinsic binding flaw in the <=2.X. It basically makes one person think they are talking to another. The new version of otr is a complete rewrite, and also is a new protocol version 2 of the otr protocol. It will however have the ability to interact with the older (<=2.X) version 1 protocol Reproducible: Always Steps to Reproduce: Information about the security flaw can be found here. http://lists.cypherpunks.ca/pipermail/otr-users/2005-July/000316.html
Created attachment 72253 [details] gaim_otr diff update
I just tested the new version with gaim 1.5.0 (won't work on gaim-2.0 yet per steev). As a new warning about protcols. You'll see the following when you connect to someone with the version 1 protocol. Unverified conversation with ${person} started. Warning: using old protocol version 1. (17:55:50) Attempting to refresh the private conversation with ${person}... (17:55:51) Successfully refreshed the unverified conversation with ${person}. Warning: using old protocol version 1.
*** Bug 111716 has been marked as a duplicate of this bug. ***
*** Bug 111718 has been marked as a duplicate of this bug. ***
*** Bug 112094 has been marked as a duplicate of this bug. ***
*** Bug 112095 has been marked as a duplicate of this bug. ***
current version tarball for the gaim plugin is here: http://www.cypherpunks.ca/otr/gaim-otr-3.0.0.tar.gz link to main page: http://www.cypherpunks.ca/otr/ can someone make some ebuilds???
libotr and gaim-otr 3.0.0 committed to portage ~x86. Sorry for delay in processing.
