[OTR-dev] Separate Fingerprint For Each Account?
Ian Goldberg
ian at cypherpunks.ca
Fri Sep 19 10:13:10 EDT 2008
On Thu, Sep 18, 2008 at 01:48:20PM -0700, otr at synx.us.to wrote:
> Ian Goldberg wrote:
> > Sure, and what you say after that is at least mostly reasonable. But
> > that's not how IM clients treat identity today.
>
> Ah, yeah I will grant that there's no way to signify with an IM client
> that account A and account B are both the same person. You can however,
> automatically mark account B as verified, if it uses the same key as
> verified account A.
That doesn't work. If I'm your buddy, and you've verified my key, I'd
be able to impersonate any of your other buddies.
> The client will still treat them like different
> people, but at least OTR won't project dire warnings about it, when none
> are necessary.
But they are necessary, if the client has no way to know whether or not
account A and account B are *supposed to* be the same person.
- Ian
More information about the OTR-dev
mailing list