XSF Discussion - 2019-02-10

  1. jonas’

    lucky me, python already does the \u escape when dumping JSON for surrogates and control characters

  2. Guus

    ah, I've heard back from the unstable.nl admin

  3. Guus

    let's see if we can close that can of spam.

  4. pep.

    Matthew, re e2ee, all these guarantees obviously assume fingerprint validation right? There's no bypassing this?

  5. pep.

    (I wish I had a magical answer for this..)

  6. Zash

    pep.: No, someone has to verify someone at some point for cryto dust to do its magic

  7. pep.

    Yeah, and that's usually where people fail (lazyness, inconvenience, ignorance, whatever you want to call it)

  8. mathieui

    I usually call that "users"

  9. Matthew

    we’ve ditched fingerprint validation

  10. Matthew

    in favour of interactive verification

  11. Matthew

    https://github.com/matrix-org/matrix-doc/issues/1267

  12. Matthew

    and https://github.com/matrix-org/matrix-doc/issues/1543

  13. Matthew

    etc

  14. pep.

    Right, it's the same thing, just with a different front

  15. Matthew

    well, one’s comparing pub key fingerprints, the other’s verifying pub keys but not by direct comparison

  16. Matthew

    in the end you’re matching keys to humans, for sure :)