I'm removing the classification as a security vulnerability, because the expected behavior currently for OTR sessions is that they'll be either manually initiated or automatically initiated once a client detects that a chat partner is also OTR-capable.
This is a feature request, but one that I doubt will be implemented on any client, since OTR is all in-band, and it would require sending a message that non-OTR'd clients would see bare.
I'm removing the classification as a security vulnerability, because the expected behavior currently for OTR sessions is that they'll be either manually initiated or automatically initiated once a client detects that a chat partner is also OTR-capable.
This is a feature request, but one that I doubt will be implemented on any client, since OTR is all in-band, and it would require sending a message that non-OTR'd clients would see bare.