Forgetting about http://tor.stackexchange.com/questions/219/how-to-use-hidden-service-authentication in this very post of mine.
So person A (callee) has an onioncat IPv6 and person B (caller) has another onioncat IPv6.
Now person B calls person A.
- Person B should be confident talking to person A. Authentication is fine here.
- But what about person A? Person A has no way of knowing that person B is calling? There could also be a man in the middle? (Not an “easy”, “usual” one that comes to mind.) I mean, anyone could set up an onioncat IPv6. And then perhaps brute force (scan) through all available onioncat IPv6 and perhaps hit the right one by chance?
Or the same in slightly other words:
- Let’s say two people know each other and trust each other for years but want to communicate without someone else knowing they communicate. They have exchanged OpenPGP keys and know those are the right ones.
- Let’s suppose there is an adversary who can perfectly imitate the voice of the caller.
- How does the callee know (authenticate) that it is really the person he thinks is calling, and not someone who can imitate the voice?
(Well, probably you notice, because no one can imitate so well yet, I think, but you see the point and it’s important for non-voice communication.)
Does onioncat say or do something about that?