From 06ea70be23dd26c258460a72221846e140cd4f97 Mon Sep 17 00:00:00 2001 From: Daniel Gultsch Date: Fri, 11 Jan 2019 13:03:39 +0100 Subject: [PATCH] add section on OTR to faq --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index 9df758673..2f00ce89a 100644 --- a/README.md +++ b/README.md @@ -368,6 +368,11 @@ this.) Read more about the concept on https://gultsch.de/trust.html +#### What happened to OTR support? +OTR was removed because it was highly unreliable. It didn’t work with multiple devices and was never really specified to work with XMPP. The codebase was a mess (There was an HTML parser in there for crying out loud to deal with the garbage some OTR clients would send.) Verification was implemented in a non-blocking way. It would tell you if the current session was using an unknown fingerprint but it didn’t actively stopped you from sending messages until you have confirmed the new fingerprint. (Like Conversations would do now with BTBV after verification or when BTBV is turned off.) Considering the previous points there was little to no desire from my point to fix this potential security issue or clean up the code base. Another reason for the removal was that people would use it *accidentally* even to communicate between two Conversations clients because they read somewhere that OTR is good. + +OTR is still available in [Conversations Legacy](https://github.com/siacs/Conversations/tree/legacy). + ### What clients do I use on other platforms There are XMPP Clients available for all major platforms. #### Windows / Linux