ChatSecure/OTRKit

Fingerprint handling improvements (TOFU)

chrisballinger opened this issue · 0 comments

This will involve a somewhat significant API change to encode/decode message and its callbacks.

  • Don't allow messages to be sent to untrusted OTR fingerprints, and throw an error if so, like how OMEMO does now. This will prevent session hijacking, where an existing trusted session is suddenly renegotiated for an untrusted one.
  • TOFU for OTR fingerprints
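
The policy the two bullets describe, as an added example that is not part of the original issue and not OTRKit's API: a language-neutral Python model in which the first fingerprint seen for a contact is trusted, later ones are not, and sending checks trust against whichever fingerprint the session currently uses. All class and method names are hypothetical, and the returned dict stands in for real OTR encryption.

```python
from enum import Enum

class Trust(Enum):
    TRUSTED = "trusted"
    UNTRUSTED = "untrusted"

class UntrustedFingerprintError(Exception):
    """Raised by encode() instead of encrypting to an untrusted fingerprint."""

class TofuStore:
    """Hypothetical trust store keyed by (account, contact)."""
    def __init__(self):
        self._known = {}

    def observe(self, account, contact, fingerprint):
        """Record a fingerprint seen in a key exchange; return its trust."""
        fps = self._known.setdefault((account, contact), {})
        if fingerprint not in fps:
            # TOFU: only the first fingerprint ever seen is auto-trusted.
            fps[fingerprint] = Trust.UNTRUSTED if fps else Trust.TRUSTED
        return fps[fingerprint]

    def verify(self, account, contact, fingerprint):
        """The user confirmed this fingerprint out of band."""
        self._known.setdefault((account, contact), {})[fingerprint] = Trust.TRUSTED

    def trust(self, account, contact, fingerprint):
        return self._known.get((account, contact), {}).get(fingerprint, Trust.UNTRUSTED)

class Session:
    def __init__(self, store, account, contact):
        self.store, self.account, self.contact = store, account, contact
        self.active_fingerprint = None

    def key_exchange_completed(self, fingerprint):
        """Runs on every (re)negotiation, including peer-initiated ones."""
        self.active_fingerprint = fingerprint
        return self.store.observe(self.account, self.contact, fingerprint)

    def encode(self, plaintext):
        """Check trust at send time, so a renegotiated key cannot inherit it."""
        fp = self.active_fingerprint
        if fp is None or self.store.trust(self.account, self.contact, fp) is not Trust.TRUSTED:
            raise UntrustedFingerprintError(f"refusing to send to {fp}")
        return {"to_fingerprint": fp, "body": plaintext}  # stand-in for OTR encryption
```

Because the check runs inside `encode()` rather than once at session setup, a caller has to handle the error on every send, which is the kind of API change the issue anticipates.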