> > Some ability for users to detect MITM attacks by the public key server > might be enough to discourage companies/governments from doing MITM attacks > on a large scale. >
For something like WhatsApp simply notifying the user that the user has switched to another device and being forced to provide a hardware model name might be good enough. E.g. your conversation looks like this: Me: Hi! Friend: Hey <Friend has switched from a Nexus 5 to a new Nexus 5 [Learn more]> Me: Did your phone break or something? Friend: Huh what?! No my phone is fine, why? Me: Uh, it jus told me you switched to a new device .... Friend: Nope .... NSA: *busted* ok that's a bit silly, but you get the idea.
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
