[Psi-Devel] Off-the-Record messaging for Psi
Kevin Smith
kevin at kismith.co.uk
Mon Oct 8 05:36:28 PDT 2007
On 8 Oct 2007, at 13:00, Timo Engel wrote:
> OTR uses authentication with DSA keys. You can be sure there is no
> man-in-the-middle attack. Of course, you have to verify the
> fingerprints of
> the public keys. With other encryption protocols it's the same
> problem.
Is that exposed in this plugin? I've not noticed any client
presenting keys for oob verification before (in fact, Psi is one of
the relatively few clients that does SSL cert checking).
/K
More information about the Psi-Devel
mailing list