> For example, Alice can tell Bob "The funds were transferred, thanks!" and tell Carol "Bob is stealing money." — and the protocol will ascribe integrity to the messages for both participants and label them as the same message.
Isn't this trivially possible in Cryptocat for anyone who controls the server?
> Isn't this trivially possible in Cryptocat for anyone who controls the server?
Yes this is a known bug since August 2013. When I found it and reported it. This was "patched" but if Mallory controls the server it is still possible. There were three ways to do this: block (which just doesn't send messages to blocked users), silent drop when invalid MAC, and silent drop when invalid tag. Block was turned into ignore and these three cases now display a warning message stating something about integrity.
I seem to not be able to find me or anyone stating that "if Mallory controls the server it is still possible". So I guess it was only said in person. Technically it's known but not publicly known :).
P.S. This was a "clamp the artery until the mpOTR protocol is finished".
I don't think it would be trivial (it's likely possible to some degree, but authentication and integrity checks might make it slightly more difficult), but the issue with this protocol is that you don't even need server control — any client with TextSecure installed can do this.
Note: I don't mean to disparage TextSecure by saying this. By all means, TextSecure is a kickass app and you should use it. I'm just trying to point out something that could be fixed in a future update.
Isn't this trivially possible in Cryptocat for anyone who controls the server?