Well, this is the benefit of open protocols and open source. :-) Researchers from the Università di Catania (Italy) and IBM have looked at the OTR protocol, and pointed out a flaw, which is this: If Alice tries to communicate with Bob, Mallory (an active attacker) can make Bob _think_ he's talking to Mallory, when he's actually talking to Alice. Alice correctly knows she's talking to Bob.

Note that Mallory can't actually _read_ the messages between Alice and Bob. For example, if Bob thinks he's talking to Mallory, he may tell her something in confidence he would not want Alice to hear. Note that although Mallory could relate this confidential information to Alice herself, in the attack scenario Alice has assurance that the message came from Bob, rather than having to take Mallory's word for it.

There's a simple temporary workaround: Alice should say "Hi, this is Alice." at the beginning of the conversation, alerting Bob to any possible attack. Likewise, Bob should identify himself to prevent the attack in the opposite direction.

But in the longer term, we're going to fix the protocol to prevent the attack in the first place. Unfortunately, this will mean changing the wire protocol, which will cause incompatibility. The current plan is for the next version of libotr to support both the current and new protocols (with an option to disallow the current protocol); if you communicate with someone speaking the current protocol, it will let you know that you should confirm your identity with the other person.

[Note that in the attack scenario, the people communicating are not "in on" the attack, so simply mentioning your own name inside the OTR conversation is sufficient.]

As a side effect, if anyone's got other enhancements to OTR in the wings that would require wire protocol changes, now's the time to speak up. :-)

- The OTR Dev Team

[Note that Ian and Kat will shortly be off the net until Monday evening, but Nikita may be around.]
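The misbinding described in the announcement, as an added example that is not part of the original post and is not OTR or libotr code. It models the authenticated key exchange in the shape "each side signs only its own Diffie-Hellman share" (an assumption about the protocol's structure, not its wire format) over a toy group with toy Schnorr signatures, runs Mallory in the middle, and then shows one standard repair: a SIGMA-style exchange where the signature covers both shares and each party MACs its own identity under the shared secret. That repair is an assumed illustration of the general technique, not the change the team announces. The group parameters, key exponents and message layout are all constructed for the example.

```python
"""Toy model of the identity-misbinding flaw and one standard fix.
Added example, not OTR or libotr code: the group, the Schnorr signatures
and the message layout are simplified assumptions, not the OTR wire format."""
import hashlib
import hmac
from secrets import randbelow

# Assumed toy safe-prime group, far too small for real use: P = 2*Q + 1,
# and G = 2^2 has prime order Q in Z_P*.
P, Q, G = 1019, 509, 4


def h_int(*parts):
    """Hash a tuple of integers into Z_Q (Fiat-Shamir challenge)."""
    data = "|".join(str(x) for x in parts).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def party(sk):
    """Long-term Schnorr key pair from a fixed secret exponent."""
    return sk, pow(G, sk, P)


def sign(sk, pk, *msg):
    r = 1 + randbelow(Q - 1)
    R = pow(G, r, P)
    return R, (r + h_int(R, pk, *msg) * sk) % Q


def verify(pk, sig, *msg):
    R, s = sig
    return pow(G, s, P) == (R * pow(pk, h_int(R, pk, *msg), P)) % P


def mac(shared, *msg):
    """HMAC under a key derived from the DH secret (toy KDF)."""
    key = hashlib.sha256(str(shared).encode()).digest()
    data = "|".join(str(x) for x in msg).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def v1_exchange(alice, bob, mallory):
    """Each side signs only its own DH share (assumed shape of the flawed AKE).
    Mallory sits between Alice and Bob and can re-sign any public value."""
    (skA, pkA), (skB, pkB), (skM, pkM) = alice, bob, mallory
    who = {pkA: "Alice", pkB: "Bob", pkM: "Mallory"}
    x, y = 1 + randbelow(Q - 1), 1 + randbelow(Q - 1)
    gx = pow(G, x, P)
    # Alice -> Bob would be (gx, pkA, sig_A(gx)); gx is public, so Mallory
    # strips Alice's signature and signs the very same share with her own key.
    gx_r, pk_r, sig = gx, pkM, sign(skM, pkM, gx)
    if not verify(pk_r, sig, gx_r):
        return {"aborted_by": "Bob"}
    bob_thinks = who[pk_r]
    gy = pow(G, y, P)
    # Bob -> Alice: (gy, pkB, sig_B(gy)), forwarded by Mallory unchanged.
    gy_r, pk_r2, sig2 = gy, pkB, sign(skB, pkB, gy)
    if not verify(pk_r2, sig2, gy_r):
        return {"aborted_by": "Alice"}
    # Both sides derive g^xy; Mallory holds neither x nor y, so she cannot
    # read the traffic, but Bob has bound the session to the wrong identity.
    return {"alice_thinks": who[pk_r2], "bob_thinks": bob_thinks,
            "same_key": pow(gy_r, x, P) == pow(gx_r, y, P), "aborted_by": None}


def hardened_exchange(alice, bob, mallory):
    """SIGMA-style binding (assumed fix, not the team's announced change):
    signatures cover both shares and each party MACs its own identity under
    the shared secret, so only a holder of g^xy can claim a name."""
    (skA, pkA), (skB, pkB), (skM, pkM) = alice, bob, mallory
    who = {pkA: "Alice", pkB: "Bob", pkM: "Mallory"}
    x, y = 1 + randbelow(Q - 1), 1 + randbelow(Q - 1)
    gx = pow(G, x, P)                    # msg 1, Alice -> Bob, forwarded as-is
    gy, kB = pow(G, y, P), pow(gx, y, P)
    # msg 2, Bob -> Alice: (gy, pkB, sig_B(gy, gx), MAC_k(pkB)), forwarded as-is.
    gy_r, pkB_r, sigB, tagB = gy, pkB, sign(skB, pkB, gy, gx), mac(kB, pkB)
    kA = pow(gy_r, x, P)
    if not (verify(pkB_r, sigB, gy_r, gx)
            and hmac.compare_digest(tagB, mac(kA, pkB_r))):
        return {"alice_thinks": None, "bob_thinks": None, "aborted_by": "Alice"}
    alice_thinks = who[pkB_r]
    # msg 3, Alice -> Bob, should be (pkA, sig_A(gx, gy), MAC_k(pkA)). Mallory can
    # swap in her key and re-sign the public shares, but she lacks k = g^xy, so
    # the best she can do is replay Alice's tag next to her own key.
    pk_r, sigA, tagA = pkM, sign(skM, pkM, gx, gy_r), mac(kA, pkA)
    if not (verify(pk_r, sigA, gx, gy)
            and hmac.compare_digest(tagA, mac(kB, pk_r))):
        return {"alice_thinks": alice_thinks, "bob_thinks": None, "aborted_by": "Bob"}
    return {"alice_thinks": alice_thinks, "bob_thinks": who[pk_r], "aborted_by": None}


if __name__ == "__main__":
    keys = party(7), party(42), party(123)   # constructed Alice, Bob, Mallory keys
    print("flawed:  ", v1_exchange(*keys))
    print("hardened:", hardened_exchange(*keys))
```

In the flawed run both sides agree on the key, Alice correctly names Bob, and Bob names Mallory, which is exactly the outcome the post describes; in the hardened run Bob aborts because the identity tag does not verify under the key Mallory cannot compute. The "say your own name" workaround is the same idea carried out by hand: it puts an identity claim inside the already-authenticated, already-encrypted channel, where Mallory can neither forge nor alter it.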