[OTR-users] Newbie questions about verifying your buddies' fingerprints
Benjamin Esham
bdesham at gmail.com
Fri Nov 11 22:45:51 EST 2005
Hello all,

I'm using the OTR plugin for Adium (so I'm using the older version of
the OTR protocol). The idea of encrypted IMing is great, though I
haven't yet been able to coerce any of my friends to convert to an
OTR-capable IM client :-)

My question is this: I should be verifying my buddies' fingerprints
before I start conversations, right? In other words, is OTR like
OpenPGP to the extent that I need to verify that the key
[fingerprint] really belongs to the buddy I think I'm talking to?
This seems like a standard process for encrypted information
exchange, but the website says nothing about confirming your buddy's
fingerprint.

If it is true that you should verify your fingerprints, would it make
sense (as another poster just asked) to publish my OTR fingerprint
online, signed by my GPG key? (If /that/'s true, is there any
particular reason why the window displaying the fingerprint in Adium
won't allow the fingerprint to be copied, and even disappears when
switching to another application?)

Thanks for answers to any of these questions!
--
Benjamin D. Esham
bdesham at gmail.com | http://bdesham.net | AIM: bdesham128
Wikipedia, the Free Encyclopedia • http://en.wikipedia.org