|
|
|
|
|
|
by kogepathic
3254 days ago
|
|
|
> So in general, use a trusted channel for key exchange separate from the communication channel so that a MITM needs to control both channels? Yes, this is how PGP verification is supposed to take place. Someone sends you their public key, and then you meet them in person to verify it. Of course, nothing stops the government from sending an agent to meet you, but it does raise the effort required to MITM substantially. |
|
|