[Psi-Devel] Off-the-Record messaging for Psi
Kevin Smith
kevin at kismith.co.uk
Sun Oct 14 23:19:19 PDT 2007
On 8 Oct 2007, at 14:38, Kevin Smith wrote:
> On 8 Oct 2007, at 14:31, Timo Engel wrote:
>> The OTR-Plugins for Psi and Gaim store a list of known fingerprints.
>> If a contact requests a secure OTR-connection with a different
>> fingerprint (e.g. in case of a man-in-the-middle attack) a warning is
>> shown to the user.
> I take it back and apologise then.
I've now had several people mail me out of band to say I'm not wrong,
so we should probably clarify.
If these fingerprints are stored automatically then it's worthless,
because it's susceptible to MITM (which was my original belief).
If these fingerprints are stored manually after out of band
verification then it's secure.
/K
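
The distinction drawn in this message, as an added example (not code from Psi, Gaim or their OTR plugins): a known-fingerprint store that tracks whether each fingerprint was only seen in a session or was confirmed out of band. The class, method names, contact address and sample fingerprints are hypothetical and constructed for the illustration.

```python
from dataclasses import dataclass, field
from enum import Enum


class Decision(Enum):
    VERIFIED = "verified"      # matches a fingerprint confirmed out of band
    UNVERIFIED = "unverified"  # remembered automatically, never confirmed
    MISMATCH = "mismatch"      # differs from what is stored: warn the user


def normalize(fp: str) -> str:
    """Canonical form: uppercase hex, separators removed."""
    return "".join(c for c in fp.upper() if c in "0123456789ABCDEF")


@dataclass
class FingerprintStore:
    known: dict = field(default_factory=dict)  # contact -> {fingerprint: verified?}

    def check(self, contact: str, fp: str) -> Decision:
        fp = normalize(fp)
        entries = self.known.setdefault(contact, {})
        if fp in entries:
            return Decision.VERIFIED if entries[fp] else Decision.UNVERIFIED
        if entries:
            return Decision.MISMATCH  # not stored: the user has to decide
        entries[fp] = False           # first contact: remembered, not trusted
        return Decision.UNVERIFIED

    def mark_verified(self, contact: str, shown_fp: str, oob_fp: str) -> bool:
        """Set the verified flag only when the fingerprint obtained over another
        channel (phone, in person) equals the one the session presented."""
        shown, oob = normalize(shown_fp), normalize(oob_fp)
        if not shown or shown != oob:
            return False
        self.known.setdefault(contact, {})[shown] = True
        return True


# Constructed sample fingerprints (40 hex digits, not real keys).
FP_A = "0A1B2C3D 4E5F6071 8293A4B5 C6D7E8F9 00112233"
FP_B = "FFEEDDCC BBAA9988 77665544 33221100 A1B2C3D4"


def demo() -> list:
    store = FingerprintStore()
    steps = [store.check("alice@example.org", FP_A)]           # first contact
    steps.append(store.check("alice@example.org", FP_B))       # different key
    store.mark_verified("alice@example.org", FP_A, FP_A.lower())
    steps.append(store.check("alice@example.org", FP_A))       # after OOB check
    return steps
```

A client built this way can show the `UNVERIFIED` state differently from `VERIFIED`, so a fingerprint that was only stored automatically is never presented as authenticated.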