[OTR-users] new user, comments on authentication

[Paul Wouters]

On Mon, 26 Nov 2007, Ian Goldberg wrote:

> As for normalization: that's hard to do when you don't know what the
> users will be entering.  But the users can say (in-band) "that
> restaurant we went to that time, all lowercase, no spaces".

That's opening a dangerous door. If you have geo tagged flickr
photos of that dinner that was memorable enough.

I found in general, people do not understand what a man in the middle
is. Numerous of my (not really dumb) friends, tend to believe that
you can do something like the above, but with the answer supplied
in-band as well.

I would much rather suggest the user to pick up the phone.

Paul