On Nov 16, 2007, at 2:39 PM, Matthew Toseland wrote:
The only realistic compromize I can think of would be to have a one-
way invite
combined with offline verification: You feed the invite to your
node, then it
generates a password which you have to send back to the inviter.
Or, reminiscent of zphone, there could be a 'verification code' which
is a hash of the link encryption keys (one listed for every peer);
which would show up as the same on both ends if there is no MITM. This
short code could then be verified out-of-band, or *perhaps* cleverly
in-band (as zphone does; can a MITM simulate your voice?/videochat).
--
Robert Hailey
_______________________________________________
Devl mailing list
Devl@freenetproject.org
http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
