|
|
|
|
|
|
by bjoli
2869 days ago
|
|
|
Well, you always have to verify keys. No security is guaranteed without it. That is the case everywhere. Those pre-keys are just there to start a session, which in my communication with my brother case has lasted for as long as I had my phone (about 3 years). That session creates new key material with every message, providing forward secrecy. I think it is a pretty elegant solution to key distribution, even though I wouldn't plan any bomb attempts without first validating the fingerprints. |
|
|