Implement Blind Trust Before Verification

[iNPUTmice]

Since version 1.15.0 Conversations uses a new trust and verification concept called Blind Trust Before Verification. Gajim should consider implementing this as well. Note that this is a client side concept only and implementing is not a requirement for compatibility. However thus far I believe this to be a very good model but it would also be OK to first see if users accept this new concept in Conversations.

[kaiyou]

Pasting my previous thoughts:

Allowing encryption without authentication not only partially (even completely according to some) defeats the purpose of encryption, it is also counterproductive by providing a false sense of security.

Also, two bad behaviours are competing here: users who think they need privacy quickly and do not go through the process of carefully verifying the fingerprint (in the case authentication is mandatory) or users who will forget about authentication all the same and never bother about warnings (in the case authentication is optional).

I completely agree with Conversation way of things and the concept of Blind Trust Before Verification sounds like the most sensible path. I am not familiar enough with OMEMO, also is there a specified mechanism for verification without physical or out-of-band channel (ie. previously shared secret, personal challenge/response, etc.) ?

[lovetox]

@kaiyou no there is neither in conversations, right now you can scan the QR code of your friend and can so verify multiple devices at once.

sadly i think this will take some while for the plugin to implement, because gajim gives us really no good ui to display if a message is from a trusted instance or a verified instance.

i dont really want to resort to text notifications.

i have to get this into gajim first, so we can have multiple visual indications what state a message has

[lovetox]

Moved https://dev.gajim.org/gajim/gajim-plugins/issues/310