Do OTR users compare key fingerprints or session IDs? Or none of the above?
-
-
Replying to @matthew_d_green
@matthew_d_green can't ensure people send public keys over a secure channel though :( The pains of bootstrapping a secure system1 reply 0 retweets 0 likes -
Replying to @bascule
@bascule@matthew_d_green that is big part of functional/actual security problem, same w physical security (my background)weak human links1 reply 0 retweets 0 likes -
Replying to @CliffsEsport
@CliffsEsport@bascule Surely you can force people to do this stuff...4 replies 0 retweets 0 likes -
Replying to @matthew_d_green
@matthew_d_green@CliffsEsport how do you solve the bootstrapping problem if people don't have secure channels to transmit public keys?1 reply 0 retweets 1 like -
Replying to @bascule
@bascule@CliffsEsport You make them do a voice call?3 replies 0 retweets 0 likes
@matthew_d_green @CliffsEsport phone calls to verify key fingerprints seem like they happen as often as keysigning parties i.e. never
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.