[Telepathy] Designing Telepathy/XMPP end-to-end security

[Simon McVittie]

On 12/06/12 14:42, Simon McVittie wrote:
> * Because Alice might be planning to authenticate Bob informally
>   by recognising his voice

As written, this is actually just leap-of-faith: it can't distinguish
between normal operation and a man-in-the-middle attack, unless there is
a handshake involving key material (the simplest case is Alice asking
Bob to read out his key fingerprint or something, but SRP or SMP with a
pre-shared secret would also work).

    S