[OTR-users] new user, comments on authentication
Ian Goldberg
ian at cypherpunks.ca
Wed Nov 28 11:42:43 EST 2007

On Tue, Nov 27, 2007 at 11:55:46AM -0500, Paul Wouters wrote:
> On Mon, 26 Nov 2007, Ian Goldberg wrote:
>
> > As for normalization: that's hard to do when you don't know what the
> > users will be entering. But the users can say (in-band) "that
> > restaurant we went to that time, all lowercase, no spaces".
>
> That's opening a dangerous door. If you have geo tagged flickr
> photos of that dinner that was memorable enough.
>
> I found in general, people do not understand what a man in the middle
> is. Numerous of my (not really dumb) friends tend to believe that
> you can do something like the above, but with the answer supplied
> in-band as well.
>
> I would much rather suggest the user to pick up the phone.

I would much rather the users actually pick up the phone. But they
won't, and there's nothing we can do about that. So we need to provide
them a method that's at least plausible for them to use securely.
We're definitely open to ideas of ways to make it as easy to use
securely as possible.

   - Ian