Do OTR users compare key fingerprints or session IDs? Or none of the above?
@matthew_d_green can't ensure people send public keys over a secure channel though :( The pains of bootstrapping a secure system
-
-
@bascule@matthew_d_green that is big part of functional/actual security problem, same w physical security (my background)weak human links -
@CliffsEsport@bascule Surely you can force people to do this stuff... -
@matthew_d_green@CliffsEsport how do you solve the bootstrapping problem if people don't have secure channels to transmit public keys? -
@bascule@CliffsEsport You make them do a voice call? -
@matthew_d_green@CliffsEsport how do you enforce that though? what keeps them from using e.g. plaintext email/IM? -
@bascule@CliffsEsport Voice recognition! -
@matthew_d_green@CliffsEsport My VOICE is my Passport
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.