|
|
|
|
|
|
by morshu9001
139 days ago
|
|
|
Key transparency is a public list of keys, like what CAs do. That still trusts an authority. Of course a third party could archive/republish the key list and you could trust them instead of Whatsapp, but that's what I call an out of band key verification. These are all good measures though. It's much harder for Whatsapp to mass attack users this way. |
|
|
So for wa to do a man in the middle attack they would also need to convince Cloudflare to sign two inconsistent tree heads.