[OTR-users] new user, comments on authentication
Ian Goldberg
ian at cypherpunks.ca
Mon Nov 26 18:35:42 EST 2007
On Sun, Nov 25, 2007 at 05:20:59PM -0600, Harlan Iverson wrote:
> For my friends, they just 'knew' at the time that they were talking to me,
> so authenticating using a shared secret was not something that they cared to
> investigate further.
How could they possibly know this? Without doing some kind of
authentication (either the manual fingerprint check or the shared
secret), there's no way to distinguish a working OTR connection and one
that's going through a MITM (say, the automated OTR MITM plugin for
ejabberd: http://www.ejabberd.im/mod_otr ).
- Ian
More information about the OTR-users
mailing list