|
|
|
|
|
|
by lxgr
931 days ago
|
|
|
WhatsApp has always allowed key verification (at least since they've supported encryption), as far as I remember. > It’s like basic 101 cryptography if you design an encrypted protocol that isn’t using a trusted third party for key verification (like certificate authorities in TLS/SSL). SSH/TOFU is one model, PKI is another. Both have their respective merits, especially when combining PKI with certificate transparency. |
|
|