On 2014-06-17 18:55:15 +0000, Daniel Kahn Gillmor said:
> In the real world, the incentive to accept fakes is slightly different than either of the above. In nearly all scenarios [0] where a fingerprint is presented and needs to be confirmed or denied, it is *an obstacle in the way of doing what you were trying to do*. [...]
>
> [0] OTR is just about the only exception to this obstacle situation, and in practice, many users of OTR simply skip the fingerprint comparison or SMP confirmation step entirely (which I think might even be strictly worse than accepting an unverified fingerprint once and getting TOFU-like alerts upon peer key change).
I wonder if this behavior is spec-dictated. I think that it might make sense to pin the peer key on first sight and give a warning if a new one is encountered (and obviously upgrade it to verified once the user takes that step).
Are there any implementations doing it this way or was this ever discussed before for OTR?
-- filippo

_______________________________________________
Messaging mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/messaging
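The pin-on-first-sight behaviour proposed above, written out as a small key-pin store. This is added example code, not part of the thread and not taken from any OTR client or from the OTR spec: the `PinStore` class, its `observe` / `mark_verified` / `accept_new_key` methods, the alert strings, and the SHA-256 fingerprint form are all assumptions made for illustration (OTR's real fingerprint encoding differs). It shows the three states a peer key can be in (unseen, pinned-but-unverified, verified) and that a change away from a verified key is treated more seriously than a change away from a merely pinned one.

```python
"""TOFU key pinning with an explicit 'verified' upgrade (added example)."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, Optional
import hashlib


class Trust(Enum):
    UNVERIFIED = "unverified"  # pinned on first sight, user never confirmed it
    VERIFIED = "verified"      # user completed fingerprint comparison or SMP


class Outcome(Enum):
    NEW = "new"          # first contact: pin silently, TOFU-style
    MATCH = "match"      # presented key matches the pin
    CHANGED = "changed"  # presented key differs from the pin


@dataclass
class Pin:
    fingerprint: str
    trust: Trust


def fingerprint(pubkey: bytes) -> str:
    # Assumed fingerprint form for the example: SHA-256 hex of the raw key bytes.
    return hashlib.sha256(pubkey).hexdigest()


@dataclass
class PinStore:
    pins: Dict[str, Pin] = field(default_factory=dict)  # peer id -> Pin

    def observe(self, peer: str, pubkey: bytes) -> Outcome:
        """Record a key seen in a session. On a mismatch the OLD pin is kept:
        the user, not the protocol, decides whether to accept the new key."""
        fp = fingerprint(pubkey)
        pin = self.pins.get(peer)
        if pin is None:
            self.pins[peer] = Pin(fp, Trust.UNVERIFIED)
            return Outcome.NEW
        return Outcome.MATCH if pin.fingerprint == fp else Outcome.CHANGED

    def mark_verified(self, peer: str) -> None:
        """User finished the fingerprint / SMP step for the currently pinned key."""
        self.pins[peer].trust = Trust.VERIFIED

    def accept_new_key(self, peer: str, pubkey: bytes) -> None:
        """User consciously accepted a changed key; it starts over as unverified."""
        self.pins[peer] = Pin(fingerprint(pubkey), Trust.UNVERIFIED)

    def alert_for(self, peer: str, pubkey: bytes) -> Optional[str]:
        """What the UI should tell the user for this session, if anything."""
        outcome = self.observe(peer, pubkey)
        trust = self.pins[peer].trust
        if outcome == Outcome.NEW:
            return "new peer key pinned (unverified)"
        if outcome == Outcome.MATCH:
            return None if trust == Trust.VERIFIED else "key matches pin but is unverified"
        if trust == Trust.VERIFIED:
            return "WARNING: previously verified key has changed"
        return "warning: pinned (unverified) key has changed"


def demo() -> list:
    """Constructed walk-through: first sight, repeat, change, verify, change again."""
    store = PinStore()
    k1, k2 = b"constructed-key-1", b"constructed-key-2"
    log = [store.alert_for("alice", k1), store.alert_for("alice", k1)]
    log.append(store.alert_for("alice", k2))   # change from unverified pin
    store.mark_verified("alice")               # user verifies the k1 pin
    log.append(store.alert_for("alice", k1))
    log.append(store.alert_for("alice", k2))   # change from verified pin
    store.accept_new_key("alice", k2)
    log.append(store.alert_for("alice", k2))
    return log


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The point the `alert_for` levels make is the one in the quoted footnote: a silent first-sight pin plus a loud warning on change gives the user a concrete moment to act, whereas skipping verification with no pin at all gives no signal when the peer key changes.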
