On 5/8/07, Avi <avi.wiki(a)gmail.com> wrote:
> http://en.wikipedia.org/wiki/Wikipedia:Administrators%27_noticeboard/Incide…
> may not be a poor idea for some of us to either meet in person with our
> fingerprints, or at the very least perform encrypted challenge-responses
> with each other, to create a baseline for identification purposes.

I don't see how your encrypted challenge response isn't vulnerable to
a MITM attack. ;)
I.e. I claim to be cyde and give you a key I control but which says
'cyde', then I go to cyde and give him a key claiming to be you...
then I proxy communication between you two. :)
The standard behavior for PGP web of trust is a verified identity
exchange, i.e. person to person with a shown ID.
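
An added example, not part of the original message: a simulation of why a challenge-response against an unverified key proves only that someone holds the matching private key, while an in-person fingerprint comparison exposes the substituted key. It uses toy textbook RSA built from known Mersenne primes rather than PGP; the key values and the names `proxy_respond` and `fingerprint_matches` are constructed for illustration.

```python
import hashlib
import secrets

E = 65537  # public exponent for the toy keys

def make_key(p, q):
    """Toy textbook-RSA key pair from two known primes (illustration only)."""
    n = p * q
    return {"pub": (n, E), "priv": (n, pow(E, -1, (p - 1) * (q - 1)))}

def fingerprint(pub):
    """Short hash of the public key, the value two people compare in person."""
    return hashlib.sha256(f"{pub[0]}:{pub[1]}".encode()).hexdigest()[:16]

def encrypt(pub, m):
    return pow(m, pub[1], pub[0])

def decrypt(priv, c):
    return pow(c, priv[1], priv[0])

# Constructed keys: cyde's real key, and a key labelled 'cyde' held by a proxy.
CYDE = make_key(2**61 - 1, 2**89 - 1)
PROXY = make_key(2**107 - 1, 2**127 - 1)

def cyde_respond(ciphertext):
    """The real cyde answers a challenge by decrypting it."""
    return decrypt(CYDE["priv"], ciphertext)

def proxy_respond(ciphertext):
    """The proxy opens the challenge with its own key, re-encrypts it to
    cyde's real key, and relays cyde's genuine answer back."""
    nonce = decrypt(PROXY["priv"], ciphertext)
    return cyde_respond(encrypt(CYDE["pub"], nonce))

def challenge_response(key_on_file, channel):
    """Encrypt a fresh nonce to the key on file; pass if it comes back."""
    nonce = secrets.randbits(64)
    return channel(encrypt(key_on_file, nonce)) == nonce

def fingerprint_matches(key_on_file, fingerprint_heard_in_person):
    """The check that does not travel over the proxied channel."""
    return fingerprint(key_on_file) == fingerprint_heard_in_person

if __name__ == "__main__":
    key_avi_holds = PROXY["pub"]  # received over the network, never verified
    print("challenge-response passes:",
          challenge_response(key_avi_holds, proxy_respond))
    print("fingerprint check passes:",
          fingerprint_matches(key_avi_holds, fingerprint(CYDE["pub"])))
```

The challenge-response succeeds through the relay, so it cannot serve as the identification baseline on its own; the fingerprint comparison fails because it is bound to the key itself rather than to whoever answers on the channel.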