Hello one simple question about OTR, when I use OTR, then encryption is done between user and user or client and server?
So is the way: UserclientA->Server1->Server2->userclientB is secured end to end? OTR means D/H Exchange, what about the possible human beeing in the midde attack, that server 2 is sending back a faked key and pretends to be userclientB ? Plans OTR to implement an end to end key, that is sent over an otr connections, so that asymmetric encryption can be switched to symmetric encryption? That way even clients could participate, which have not otr implemented (by giving the end to end key over seperate channel, not otr) Regards
_______________________________________________ OTR-dev mailing list [email protected] http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
