Hello all. I have a question about authentication in OTR. The docs say "However, once you've authenticated your buddy, you don't have to do it again. OTR will automatically do the authentication for all of your future conversations with that buddy." [1] My understanding is that the authentication is based on the idea that your buddy has a private key that no one else has. So what if you authenticate with your buddy Bob, then, somehow, Mallory gets access to Bob's computer and gets his secret key. Then OTR will continue to say that you are having an authenticated session with Bob , but it could be Mallory? Is that right?
[1] https://otr.cypherpunks.ca/help/4.0.0/authenticate.php?lang=en -- Greg Reagle System & Network Administrator Center for Economic and Policy Research rea...@cepr.net _______________________________________________ OTR-users mailing list OTR-users@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-users
