by pR0Ps 4094 days ago
Key distribution isn't really something we're doing. Each user just keeps their own list of verified identities.

We're using the same system we inherited from TextSecure for encrypted SMS: Trust keys implicitly on first use, while encouraging users to verify them out of band.

The verification is handled by providing a screen that has your identity and what you think the recipient's identity is. If the recipient's identity matches what your app says and vice-versa, then you know you're talking to the right person.

Ideally, the verification would be done in-person or via another secure means of communication. Currently you can verify identities by just reading them out, or via QR code.
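
The trust-on-first-use store and out-of-band check described in the comment above, as an added example that is not part of the original comment or the app's code. The class and function names, the SHA-256 fingerprint format and the sample keys are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample identity keys (not real key material).
BOB_KEY = bytes(range(32))
OTHER_KEY = bytes(32)

def fingerprint(identity_key: bytes) -> str:
    """Fingerprint to read aloud or encode in a QR code.
    Assumed format: SHA-256 hex, in groups of four characters."""
    digest = hashlib.sha256(identity_key).hexdigest()
    return " ".join(digest[i:i + 4] for i in range(0, len(digest), 4))

def _normalize(fp: str) -> bytes:
    # Tolerate case and spacing differences from a spoken or typed read-out.
    return "".join(fp.lower().split()).encode("utf-8")

class IdentityStore:
    """Each user's own list of identities: contact -> (pinned key, verified)."""

    def __init__(self):
        self._pins = {}

    def observe(self, contact: str, key: bytes) -> str:
        """Classify an identity key presented by a contact."""
        pinned = self._pins.get(contact)
        if pinned is None:
            self._pins[contact] = (key, False)  # trust implicitly on first use
            return "pinned-unverified"
        pinned_key, verified = pinned
        if hmac.compare_digest(pinned_key, key):
            return "verified" if verified else "unverified"
        return "key-changed"  # keep the old pin; the user must decide

    def verify(self, contact: str, read_out: str) -> bool:
        """Mark a contact verified only if the fingerprint obtained out of
        band matches the key this store has pinned for them."""
        pinned = self._pins.get(contact)
        if pinned is None:
            return False
        key, _ = pinned
        ok = hmac.compare_digest(_normalize(fingerprint(key)), _normalize(read_out))
        if ok:
            self._pins[contact] = (key, True)
        return ok
```

Each side runs `verify` against the fingerprint the other person reads out, so a substituted key on either end shows up as a mismatch.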