This is possibly the best possible security system we can have in a messaging app, although it introduces complex bookkeeping and complexity, which can (and will) be exploited.
Our initial approach of using PKI, generating a certificate on a new device and getting it signed by the server, is good enough. We can display a red/yellow/green indicator next to contacts to indicate their verification level, and users can mail numbers or scan barcodes to improve verification with fellow users. We can bundle new DH parameters with each exchanged message to refresh the encryption token used, for better forward secrecy.
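The per-message DH refresh mentioned above, sketched as an added example (not code from this comment or from any project): every message header carries a fresh public key, and both sides mix the new DH output into a root key to derive that message's key. X25519 as the DH function, the `Party` class, the HMAC-SHA512 derivation, in-order delivery and the random starting root (standing in for the secret from the certificate-authenticated handshake) are all assumptions.

```python
import hashlib, hmac, secrets

P, A24 = 2**255 - 19, 121665           # Curve25519 field prime and ladder constant
BASE = (9).to_bytes(32, "little")      # standard base point u = 9

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 X25519 ladder. Not constant-time: illustration only."""
    n = (int.from_bytes(k, "little") & ~7 & ((1 << 255) - 1)) | (1 << 254)  # clamp
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (n >> t) & 1
        if swap ^ bit:                 # conditional swap of the two ladder points
            x2, z2, x3, z3 = x3, z3, x2, z2
        swap = bit
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = aa - bb
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    # The clamped scalar's lowest bit is 0, so no swap is pending here.
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

class Party:                           # hypothetical name, one end of a conversation
    def __init__(self, root: bytes):
        self.root, self.peer_pub = root, None   # root: assumed handshake output
        self.priv = secrets.token_bytes(32)
        self.pub = x25519(self.priv, BASE)
    def _step(self, dh: bytes) -> bytes:
        out = hmac.new(self.root, dh, hashlib.sha512).digest()
        self.root = out[:32]           # old root is overwritten, not kept
        return out[32:]                # key for this one message
    def send(self):
        self.priv = secrets.token_bytes(32)     # fresh DH key for this message
        self.pub = x25519(self.priv, BASE)
        return self.pub, self._step(x25519(self.priv, self.peer_pub))
    def receive(self, header_pub: bytes) -> bytes:
        self.peer_pub = header_pub     # peer's newest key, taken from the header
        return self._step(x25519(self.priv, header_pub))

def demo():
    root = secrets.token_bytes(32)     # constructed stand-in for the handshake secret
    alice, bob = Party(root), Party(root)
    alice.peer_pub, bob.peer_pub = bob.pub, alice.pub
    out = []
    for s, r in [(alice, bob), (bob, alice), (alice, bob)]:
        header, key = s.send()         # header travels in the clear with the message
        out.append((key, r.receive(header)))
    return out                         # (sender key, receiver key) per message
```

The header key is unauthenticated in this sketch; in the design described above it would need to be bound to the sender's server-signed certificate, otherwise an active attacker can substitute their own.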