Description
This line is problematic: https://github.com/python-otr/pure-python-otr/blob/staging/src/potr/proto.py#L134
Its purpose is to check that the parsed OTR tag advertises a correct protocol version by checking that the value is a digit.
First, since python3, isdigit() (and posssibly isdecimal and isnumeric) goes by a quite wider definition of "digit". For example, UTF-8 characters other than 0-9, but representing symbols containing a digit in them will match, as well as digits from other alphabets.
Example:
'9' == '⑨'
True
First, this caused panic and anger, but then, reading the OTRv2 spec:
"If she is willing to use OTR versions other than 1, a "v" followed by the byte identifiers for the versions in question, followed by "?". The byte identifier for OTR version 2 is "2". The order of the identifiers between the "v" and the "?" does not matter, but none should be listed more than once."
we actually realised any byte might at some point designate a version. It just happens that the ascii value "2" was chosen.
In that context, a better option might be to remove this isdigit() test altogether, as it does not reflect a specification constraint.