bfkwlfkjf 5 hours ago

Is this the ritual of getting together with a person and checking that their fingerprint matches what you see on the app?

If this is the case, what will happen is that people will start verifying everyone (because they might want to text strangers that they can't bother verifying because the stakes are so low) and so verification will lose all meaning.

syntheticnature 4 hours ago | parent | next [-]

It is not; I know we don't read articles here, but...

ranger_danger 5 hours ago | parent | prev [-]

Isn't this how TLS itself already works? "trust on first use"?

pavon 5 hours ago | parent | next [-]

Not in current practice. That is why you have to get a certificate from a trusted CA. If your CA isn't in the browser's cert database they will reject the connection even on the first time. If browsers allowed TOFU we would still be able to use self-issued certificates, without manually distributing certs to anyone that uses your service.

SSH is an example of TOFU.

majorchord 3 hours ago | parent [-]

> we would still be able to use self-issued certificates

You still can... it just displays a warning message on first use, as does ssh.

treyd 5 hours ago | parent | prev [-]

With PKI you're trusting a certificate chain up to a CA you already trust, by way of your OS or browser vendor.

A domain can layer on HSTS to that, which directs clients to additionally refuse to trust a new cert for a domain until the one you currently trust has expired.

scheub 3 hours ago | parent [-]

That’s not what HSTS does. It asks the client to remember that you want to only use TLS for that domain and refuse to use unencrypted HTTP in the future.