OTR is end-to-end but requires users to verify their contact's fingerprints to prevent active MITM attacks.
On Mon, Mar 3, 2014 at 5:19 AM, Randolph <[email protected]> wrote:
> Hello
> one simple question about OTR, when I use OTR, then encryption is done
> between user and user or client and server?
>
> So is the way: UserclientA->Server1->Server2->userclientB is secured end
> to end?
>
> OTR means D/H Exchange, what about the possible human being in the middle
> attack, that server 2 is sending back a faked key and pretends to be
> userclientB ?
>
> Does OTR plan to implement an end to end key, that is sent over an OTR
> connection, so that asymmetric encryption can be switched to symmetric
> encryption?
>
> That way even clients could participate, which have not OTR implemented
> (by giving the end to end key over separate channel, not OTR)
>
> Regards
>
> _______________________________________________
> OTR-dev mailing list
> [email protected]
> http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
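The fingerprint check mentioned in the reply, sketched as an added example (not part of the original thread and not libotr code). OTR fingerprints are SHA-1 hashes of the long-term public key; the account name, the random bytes standing in for serialized keys, and all function names are constructed for illustration, and the sketch assumes the client has already validated the key-exchange signature against the presented key.

```python
import hashlib
import os


def fingerprint(pubkey_bytes: bytes) -> str:
    """SHA-1 of the serialized long-term public key, displayed OTR-style
    as five groups of eight hex digits."""
    digest = hashlib.sha1(pubkey_bytes).hexdigest().upper()
    return " ".join(digest[i:i + 8] for i in range(0, 40, 8))


def normalize(fp: str) -> str:
    """Accept a fingerprint as read aloud or pasted: any case, any spacing."""
    return "".join(fp.split()).upper()


def check_peer_key(account: str, presented_key: bytes, verified: dict) -> str:
    """Classify the long-term key a peer presented during key exchange.

    verified maps account -> fingerprint the user confirmed out of band.
    """
    seen = normalize(fingerprint(presented_key))
    known = verified.get(account)
    if known is None:
        # The session is encrypted, but to whom has not been established.
        return "UNVERIFIED"
    if seen == normalize(known):
        return "VERIFIED"
    # A different key than the one confirmed earlier: stop and re-verify.
    return "MISMATCH"


# Constructed sample keys: random bytes standing in for serialized public keys.
BOB_KEY = os.urandom(128)
RELAY_KEY = os.urandom(128)  # a key substituted by a server on the path


def demo() -> list:
    verified = {}
    results = [check_peer_key("bob@example.org", BOB_KEY, verified)]
    # The two users compare fingerprints over a separate channel
    # (in person, by phone) and the client records the result.
    verified["bob@example.org"] = fingerprint(BOB_KEY).lower()
    results.append(check_peer_key("bob@example.org", BOB_KEY, verified))
    results.append(check_peer_key("bob@example.org", RELAY_KEY, verified))
    return results


if __name__ == "__main__":
    print(demo())
```

The first result is the state the question describes: the Diffie-Hellman exchange succeeds with whoever answered, and only the out-of-band comparison ties the key to the contact.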
