Modern XMPP project discussion - 2025-04-30


  1. alexkurisu

    >> but he's right, omemo mitm is possible > that's an entirely different threat vector then what we are talking about. > and only possible with tofu Which is exactly why people *must not* blindly trust keys but verify them over 3rd-party channels instead

  2. menel

    *if they care enough to bother x which they generally don't.

  3. erebion

    It all depends on threat models. My mother sending me links to news articles and recommending vegetables to buy that currently are cheaper seasonally is not something I need to protect that much, but being unable to communicate because she logs into a new phone and then encryption does not 'work' is a serious issue. For almost all other contacts I'd verify keys, though.