[Telepathy] Designing Telepathy/XMPP end-to-end security

Simon McVittie simon.mcvittie at collabora.co.uk
Wed Jun 13 05:37:56 PDT 2012


On 12/06/12 14:42, Simon McVittie wrote:
> * Because Alice might be planning to authenticate Bob informally
>   by recognising his voice

As written, this is actually just leap-of-faith: it can't distinguish
between normal operation and a man-in-the-middle attack, unless there is
a handshake involving key material (the simplest case is Alice asking
Bob to read out his key fingerprint or something, but SRP or SMP with a
pre-shared secret would also work).

    S


More information about the telepathy mailing list