Eric Rescorla wrote: >> Earl wrote: >>> I believe XMPP should use ZRTP and require that ZRTP SASL *must* be >>> displayed >>> so that it can be vocally read to the other party to determine if there >>> is a man in the middle. >>> >>> > > I don't think this is very realistic. As I said earlier there are lots > of situations where this doesn't work at all (e.g. IVR). And even in > human to human settings the available data suggests that people will not > actually check the sas.
Plus you don't always (or even often) know what the other person is supposed to sound like. /psa
