Quote:
Originally posted by pod
There probably is no reasonable way to implement a P2P authentication system.
|
i think tankgirl just described one: all users are identified by their public key.
so whenever you communicate with a user in your hotlist, the software will issue a cryptographic challenge based on his/her public key. this way you can be 100% sure that the user you are chatting with really is the one you added to your hotlist in the first place (assuming that his/her private key hasn't leaked out).
- jaan