[OTR-dev] buglet in otrproxy?
Ian Goldberg
ian at cypherpunks.ca
Thu Feb 3 09:40:13 EST 2005
On Thu, Feb 03, 2005 at 03:25:08PM +0100, Paul Wouters wrote:
> Hmm. Would it make sense to send some kind of authenticated "remote party
> accepted fingerprint'? Or is this impossible on the same channel risking a
> MITM?
Until the other side accepts your fingerprint, there can't be a key
exchange, and so there's can't be an authenticated channel.
> But yeah, I guess you shouldn't cache packets in this case, to prevent
> sending them to a MITM.
If we *do* cache packets, it'd be on the receiver's end, I think.
- Ian
More information about the OTR-dev
mailing list