4. Directory service could be modified to enable a MITM attack? Yes
This is incorrect, as there is no user directory service at all (and no knowledge of even the number of users), and MITM by servers is not possible by design, even without optional security code verification (that exists to mitigate MITM by the channel you used to pass one-time invitation link, e.g. email).
simplex / SimpleX Chat
npub1ex…7d828
2024-08-24 12:18:14
in reply to nevent1q…hkk5
Author Public Key
npub1exv22uulqnmlluszc4yk92jhs2e5ajcs6mu3t00a6avzjcalj9csm7d828Published at
2024-08-24 12:18:14Event JSON
{
"id": "1427610cc07f6315c69cb945d4df8ae0976eb2df0d70aac56c258b99edce0e22",
"pubkey": "c998a5739f04f7fff202c54962aa5782b34ecb10d6f915bdfdd7582963bf9171",
"created_at": 1724501894,
"kind": 1,
"tags": [
[
"e",
"c86fd410e1d6f4c50be8d9cabfa4758f6d79d31f0ad7ce9fb965f388d0050e31",
"",
"root"
],
[
"e",
"7d2bbc00796716ed590938bf60ade00cfee519921bf8096a93742a9b867d285e",
"",
"reply"
],
[
"p",
"c998a5739f04f7fff202c54962aa5782b34ecb10d6f915bdfdd7582963bf9171"
]
],
"content": "4. Directory service could be modified to enable a MITM attack? Yes\n\nThis is incorrect, as there is no user directory service at all (and no knowledge of even the number of users), and MITM by servers is not possible by design, even without optional security code verification (that exists to mitigate MITM by the channel you used to pass one-time invitation link, e.g. email).",
"sig": "33cab5f03b6f4a8505e0b1145b96a8699cda9cfa7854123a08f644a582922a3d9041ae721723ddee1155219f065dc8db7c417b51b1c060550c9d4f6ec9f27cd7"
}