[messaging] RFC: Proposal for alternative primary identifiers in mobile messaging (specifically Signal)

Tim Kuijsten info at netsend.nl
Tue May 29 03:47:37 PDT 2018

>Also, homoglyph attacks are possible on anything a user could recognize
>(email identifiers, usernames), and these are terrifyingly easy to pull
>off. Just this attack alone imo means we need to stop relying on users (ie:
>do I recognize this email address) for verification and exclusively use 1)
>artifacts that dont rely on humans and 2) computers for verification.
>Phishing is well understood by researchers yet highly effective (whelp).

How can you completely avoid people having to recognize something? 
Doesn't it always start with human verification at some point?

More information about the Messaging mailing list