Hacker News new | past | comments | ask | show | jobs | submit login

TOFU (Trust on First Use, e.g. what SSH is doing) is already the defacto standard. The only difference is that the warning is less annoying in Signal/iMessage (soon)/etc. Matrix and Signal also offer out-of-band verification, but since compromising TOFU requires actively compromising a user before the key exchange (and it's tamper-evident) it's not really a very big concern for a vast majority of communication.



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: