[OTR-users] New gaim-otr and otrproxy ready for beta testing
Ian Goldberg
ian at cypherpunks.ca
Mon Oct 17 18:37:03 EDT 2005
On Mon, Oct 17, 2005 at 02:39:55PM -0700, CLAY SHENTRUP wrote:
> If I verify a session key with a friend, recognizing his voice on the phone
> for instance, that satisfies the requirements for verifying his fingerprint,
> dosen't it? This seems like an obvious yes, but I'm just checking.
A secure session id? No, all that guarantees is that your current
conversation is private. It does *not* guarantee that the fingerprint
you received is actually the correct one.
If you've got him on the phone, have him verify his fingerprint. That's
sufficient, so long as his computer isn't compromised. [If it is,
*then* use the secure session id instead.]
- Ian
More information about the OTR-users
mailing list