I can't find any Wickr UI to access a key fingerprint. We don't really discuss what should happen after a user finds that the key fingerprints don't match. Do they just switch communication systems? Report to some sort of community or authority? Hire a lawyer? The strength of the protocol for dealing with identity errors determines that value of a key verification ritual.
US number: +1 650-492-8286 Text Secure <https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en>: +1650-862-5992 Surespot/Wickr: zmanian Public Key <https://raw.github.com/zmanian/pub_keys/master/gpg/%[email protected]%3E.public.gpg-key> On Sat, Sep 13, 2014 at 12:58 PM, Tom Ritter <[email protected]> wrote: > On 12 September 2014 23:42, Joseph Bonneau <[email protected]> wrote: > > *Apple iMessage, Wickr and BBM Protected can all be described as > > opportunistic encryption messaging systems that have been very successful > > deployment-wise. Although AFAIK none of them provide any MITM resistance > if > > the centralized public key servers are compromised or misbehave. > > It's my understanding that Wickr recently implemented features to > expose fingerprints. I'm not 100% certain. It would be an interesting > experiment to see what happens with these fingerprints if you e.g. > wipe your phone and reinstall, or move your SIM to a new device and > install. > > Considering the ease with which an app could expose fingerprints and > make no effort to tell people to verify them, I feel all apps should > at least do that. > > -tom > _______________________________________________ > Messaging mailing list > [email protected] > https://moderncrypto.org/mailman/listinfo/messaging >
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
