> Cracking the usable key verification problem. This move brings WhatsApp to
> the same level of security as iMessage (or better, given the forward
> security), but WhatsApp/Facebook could still do a switcheroo on people's
> keys. TextSecure never really figured this out IMO - it still expects people
> to manually compare long strings of hex.
On this point in particular, projects like SafeSlinger attempt to reduce the
complexity of hex, but the inconvenience of synchronous communication for
out-of-band verification remains. Does out-of-band become worthwhile if we give
unobtrusive verification nudges in our UXs to the tune of "When you can see or
hear Alice, tap here to verify her for good"?

Cheers,
Mike
Michael W. Farb
Research Programmer, Carnegie Mellon University CyLab
M 412-965-4725 - www.cylab.cmu.edu/safeslinger
_______________________________________________
Messaging mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/messaging