On Nov 16, 2007, at 2:39 PM, Matthew Toseland wrote:

> The only realistic compromise I can think of would be to have a one-way invite
> combined with offline verification: You feed the invite to your node, then it
> generates a password which you have to send back to the inviter.

Or, reminiscent of zphone, there could be a 'verification code' which is a hash of the link encryption keys (one listed for every peer); which would show up as the same on both ends if there is no MITM. This short code could then be verified out-of-band, or *perhaps* cleverly in-band (as zphone does; can a MITM simulate your voice?/videochat).

--
Robert Hailey
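
The verification-code idea in the reply above, as an added sketch that is not part of the original message or of Freenet's code: each peer hashes its link key into a short code, which matches on both ends of a direct link and differs when a relay has negotiated a separate key with each side. The toy Diffie-Hellman group, the `link-verify-v1` label, the 20-bit code length and all function names are assumptions made for the demonstration.

```python
import hashlib
import secrets

# Assumption: toy Diffie-Hellman group for the demo only, far too small for real use.
P = 2**127 - 1
G = 3
B32 = "abcdefghijklmnopqrstuvwxyz234567"

def keypair():
    """Return (private, public) for the toy group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def link_key(my_priv, their_pub):
    """Symmetric link key derived from the DH shared secret."""
    shared = pow(their_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def verification_code(key):
    """Hash the link key down to 20 bits, shown as 4 base32 characters."""
    h = hashlib.sha256(b"link-verify-v1" + key).digest()
    bits = int.from_bytes(h[:3], "big") >> 4
    return "".join(B32[(bits >> s) & 31] for s in (15, 10, 5, 0))

def direct_link():
    """Both peers see each other's real public value: one shared key."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    return (verification_code(link_key(a_priv, b_pub)),
            verification_code(link_key(b_priv, a_pub)))

def relayed_link():
    """A relay substitutes its own public value in both directions,
    so each peer ends up with a different key shared with the relay."""
    a_priv, _ = keypair()
    b_priv, _ = keypair()
    _, m_pub = keypair()
    return (verification_code(link_key(a_priv, m_pub)),
            verification_code(link_key(b_priv, m_pub)))

if __name__ == "__main__":
    print("direct :", *direct_link())    # the two codes are equal
    print("relayed:", *relayed_link())   # the two codes differ
```

A 20-bit code only holds up if the party in the middle cannot keep regenerating keys until the two codes collide; ZRTP prevents that by having one side commit to a hash of its key-exchange message before seeing the other's.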
