Clarify BRP Attack Vector
Do we assume or not assume that the public keys were exchanged through a secure channel? The following sentence seems to imply the former.
Thanks for this contribution @thomas. The intended meaning is something like this:
Ideally the public keys would be exchanged over a secure channel. But in reality the parties may not have a secure channel available, or may not understand which of the channels available to them are secure. So we don't assume that the keys have been exchanged over a secure channel. If the channel was not secure then the protocol is vulnerable to MITM attacks during the initial exchange of public keys.
Thanks @akwizgran, now I understand.
Maybe there is a way to make this more clear? I tried, but I don't think I did well...
But thanks already!
Looks great, thanks @thomas!
mentioned in commit 85b59df3