From what I've read the current idea is to do manual authentication of the keys needed for end-to-end encryption via TLS.

1. Send keys over XMPP

If the user agent is required to only use e2e (and thus communicate keys) when c2s is secure, then the following requirement isn't needed. (Recommended) Keys are sent each time an e2e TLS connection will take place, and no caching takes place, because there is a possibility for the keys to be transferred over an insecure channel and cached for use where there is a secure one. The impact of an attack made in the past can still take place after the client has switched to a secure connection.

* Easy
* Automatic (great)
* Secure if you trust c2s
* Requires c2s

2. Allow the user to validate the certificate

* Hard, confusing to some users
* Requires out-of-band communication
* User interaction is required
* Increased security, doesn't rely on a 3rd-party server; imagine e2e chat as well
* Will work if the server goes down

I propose a mixture of both options: ask the user if they want to manually authenticate, by whatever method (fingerprints, socialist millionaire protocol, etc.; the more the merrier), and provide an easy option, automatic verification through the server, and make that the default. This allows the user increased control over the validation process if they want it, but also lets users do things the easy way and still be secure.
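As an added illustration of the proposed mixture (this is example code, not part of the original post or any XMPP client), the following Python decision function handles one e2e session: a fingerprint the user verified out of band is honoured first, otherwise the key announced over c2s is accepted only if that c2s link was secure, and nothing is remembered between sessions. The certificate bytes, the SHA-256 fingerprint format, and the names `accept_e2e_peer`, `Channel` and `fingerprint` are constructed assumptions for the example.

```python
import hashlib
from enum import Enum
from typing import Optional, Tuple


class Channel(Enum):
    """How the peer's key reached us via the server (c2s link state)."""
    INSECURE = "plain c2s"
    SECURE = "c2s over TLS"


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, as colon-separated hex.

    This is the form a user can read out loud or compare out of band.
    (Assumed format for the example; any fixed, unambiguous form would do.)
    """
    digest = hashlib.sha256(cert_der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def accept_e2e_peer(presented_cert: bytes,
                    server_announced_fp: Optional[str],
                    c2s_channel: Channel,
                    user_verified_fp: Optional[str] = None) -> Tuple[bool, str]:
    """Decide whether the certificate presented on the e2e TLS connection is trusted.

    Inputs are for THIS session only: the announced fingerprint is what the
    server relayed just now, so no key learned earlier (possibly over an
    insecure link) can be reused after c2s was upgraded to TLS.
    Returns (accepted, reason).
    """
    presented_fp = fingerprint(presented_cert)

    # Option 2 (manual): if the user verified a fingerprint out of band, that
    # decides, regardless of what the server said or how it reached us.
    if user_verified_fp is not None:
        if user_verified_fp == presented_fp:
            return True, "manually verified fingerprint matches"
        return False, "manually verified fingerprint does not match peer certificate"

    # Option 1 (automatic, the default): trust the key announced via the server,
    # but only if the c2s link carrying it was itself secure.
    if server_announced_fp is None:
        return False, "no key announced via server and no manual verification"
    if c2s_channel is not Channel.SECURE:
        return False, "announced key arrived over insecure c2s; not trusted"
    if server_announced_fp != presented_fp:
        return False, "peer certificate does not match key announced over c2s"
    return True, "automatically verified via secure c2s"


# Constructed stand-ins for DER certificates; real ones would be parsed from
# the TLS handshake. Only their bytes matter for the fingerprint here.
ALICE_CERT = b"constructed-DER-placeholder-for-alice-cert"
MALLORY_CERT = b"constructed-DER-placeholder-for-mallory-cert"


def demo() -> None:
    alice_fp = fingerprint(ALICE_CERT)
    print("automatic, secure c2s:  ",
          accept_e2e_peer(ALICE_CERT, alice_fp, Channel.SECURE))
    print("automatic, plain c2s:   ",
          accept_e2e_peer(ALICE_CERT, alice_fp, Channel.INSECURE))
    print("substituted cert:       ",
          accept_e2e_peer(MALLORY_CERT, alice_fp, Channel.SECURE))
    print("manual, server down:    ",
          accept_e2e_peer(ALICE_CERT, None, Channel.INSECURE, user_verified_fp=alice_fp))


if __name__ == "__main__":
    demo()
```

The manual path works with no server announcement at all, which matches the "will work if the server goes down" point; the automatic path refuses a key that arrived over plain c2s rather than caching it for later, which is the "no caching" requirement in option 1.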
