Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> requires you to verify each single session instead of just a the people

What do you mean by that? When no new devices are introduced you only have to verify the fingerprint of each contact once (via QR code).

> Afaik it does not have any audit either

https://conversations.im/omemo/audit.pdf



Pardon regarding the audit.

But you don't have to verify each contact once, but each session the contact uses


What do you mean by 'session'?

Here's my experience. I have three devices I use to connect to my XMPP server: phone (Conversations), PC and laptop (both gajim). Each one generates a keypair. I verified the public keys of PC and laptop by scanning a QR code using Conversations (phone). Conversations remembers all fingerprints as my own. Next time I meet a friend, they scan the QR code on my phone. They now have verified all three of my devices.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: