Justin King-Lacroix wrote on 12/07/2015 02:52 PM:
> No. Even in principle, this is essentially impossible -- two parties with no relationship basically can't communicate securely. There are lots of approaches to the problem, but they all involve breaking the 'no relationship' constraint. PKI -- and thus iMessage, WhatsApp -- does it by introducing a well-known trusted third-party. PGP / Web of Trust does it by relying on social graphs. OTR and SSH leave it up to you: they show you the key fingerprint, and it's up to you to work out whether it's the right one. But in general, the problem you're describing has no solution.
This is like an unexpected cold shower for me, but I think there has to be, ought to be, a solution, and I'm optimistic about it. It should be a call, a challenge, for all doing research in crypto to find the "final solution" to this problem.
> (Once you've exchanged keys, of course, there are a multitude of ways to create a secure channel on that basis. But you need to exchange keys somehow first.)
-- U.Mutlu

_______________________________________________
Messaging mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/messaging
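The "show the fingerprint and leave it to you" approach that the thread attributes to OTR and SSH, as an added example that is not part of this thread: a minimal trust-on-first-use pin store in the style of SSH's known_hosts. The peer names and key bytes are constructed sample values, and the SHA-256/base64 fingerprint format mirrors what OpenSSH prints.

```python
# Added example (not from the mailing-list thread): trust-on-first-use (TOFU)
# key pinning in the style of SSH's known_hosts. Keys used here are
# constructed sample bytes, not real public keys.
import base64
import hashlib


def fingerprint(pubkey: bytes) -> str:
    """SHA-256 fingerprint in the format OpenSSH prints (base64, no '=' padding)."""
    digest = hashlib.sha256(pubkey).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


class KnownPeers:
    """Minimal known_hosts analogue: pin the first key seen for each peer."""

    def __init__(self) -> None:
        self.pins: dict[str, str] = {}  # peer identifier -> pinned fingerprint

    def check(self, peer: str, pubkey: bytes) -> str:
        """Return 'first-use', 'match' or 'mismatch' for the presented key.

        TOFU cannot tell whether the very first key is genuine; it only
        guarantees that later sessions see the same key. The first-use
        fingerprint is what the human must verify out of band.
        """
        fp = fingerprint(pubkey)
        pinned = self.pins.get(peer)
        if pinned is None:
            self.pins[peer] = fp
            return "first-use"
        if pinned == fp:
            return "match"
        # The key changed: either a legitimate rekey or an interposed party.
        # Refuse to proceed until the new fingerprint is confirmed out of band.
        return "mismatch"


if __name__ == "__main__":
    store = KnownPeers()
    key_a = b"constructed-peer-key-A"
    print(store.check("alice", key_a), fingerprint(key_a))
    print(store.check("alice", key_a))
    print(store.check("alice", b"constructed-peer-key-B"))
```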
