by taneq
3448 days ago
Apart from the horrifying punctuation, I can't see how the quoted paragraph is technically incorrect. Some kind of real-world validation is required before you can trust that a public key really represents a given entity (at least, that's how I'm interpreting "verify fingerprints") and so it follows that if users don't validate the public keys of their correspondents, they can't know for sure that their conversations haven't been MitM'd.

WhatsApp will re-transmit messages with a key provided by WhatsApp without ever giving the user the option to verify that key. Even with the opt-in, the message will be re-transmitted. All the opt-in ensures is that you are notified of the key change (a notification you receive after the message has already been re-transmitted under the new key).
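
The ordering described in the comment above, modelled as an added example that is not part of the original thread and is not WhatsApp's code. The `Sender` class, its method names, the fingerprint format and the key bytes are constructed for illustration, and the hold-until-verified mode is included only as a contrast.

```python
import hashlib
from dataclasses import dataclass, field

def fingerprint(pubkey: bytes) -> str:
    # Constructed display format: first 16 hex chars of SHA-256 over the key bytes.
    return hashlib.sha256(pubkey).hexdigest()[:16]

@dataclass
class Sender:
    blocking: bool      # True = hold pending messages until the user verifies a new key
    verified_fp: str    # fingerprint the user checked out of band
    pending: list = field(default_factory=list)  # sent, not yet delivered
    events: list = field(default_factory=list)   # ordered record of client actions

    def send(self, text: str) -> None:
        self.pending.append(text)

    def _retransmit(self, fp: str) -> None:
        for text in self.pending:
            self.events.append(("retransmit", text, fp))
        self.pending.clear()

    def on_key_change(self, new_pubkey: bytes) -> None:
        fp = fingerprint(new_pubkey)
        if fp == self.verified_fp:
            self._retransmit(fp)              # key already verified, nothing to decide
        elif self.blocking:
            self.events.append(("hold", fp))  # nothing leaves until user_verifies()
        else:
            self._retransmit(fp)              # message goes out under the unverified key
            self.events.append(("notify", fp))  # the user only learns of it afterwards

    def user_verifies(self, new_pubkey: bytes) -> None:
        self.verified_fp = fingerprint(new_pubkey)
        self._retransmit(self.verified_fp)

OLD_KEY = b"constructed-old-public-key"        # constructed sample value
NEW_KEY = b"constructed-server-supplied-key"   # constructed sample value

def simulate(blocking: bool) -> list:
    s = Sender(blocking=blocking, verified_fp=fingerprint(OLD_KEY))
    s.send("hello")            # recipient offline, message stays pending
    s.on_key_change(NEW_KEY)   # server announces a new key for the recipient
    return [e[0] for e in s.events]

if __name__ == "__main__":
    print("non-blocking:", simulate(False))
    print("blocking:    ", simulate(True))
```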