[kitkat_new]

doesn't OMEMO have the problem that you have to verify every session from all your sessions, which is practically infeasible?

[nicoco]

If you are serious about needing e2ee, using few sessions (well, devices) and actually verifying fingerprints OOB is a must, and that's true for all E2EE methods AFAIK?

[kitkat_new]

> and actually verifying fingerprints OOB is a must, and that's true for all E2EE methods AFAIK?

most E2EE messaging services (e.g. Matrix, Signal, WhatsApp) enable verifying other people instead of devices, reducing the required verifications for one person to 1 instead of 1 per session

[upofadown]

More like every device from all your devices. That comes from the Signal protocol. If you want one verification per user then that would be PGP.

[kitkat_new]

> More like every device from all your devices.

no, you could have multiple sessions per device, e.g. desktop client and browser tab

> That comes from the Signal protocol.

no, Signal doesn't require this