This is an old revision of the document!
Table of Contents
Sharing Tox ID's
Some of the ways to share Tox ID's and their benefits and drawbacks. This is an attempt to address the different things that can come into play when initially authenticating a Tox user.
In Person, Manual Verification
In this scenario, 2 people with Tox ID's meet in person, and exchange the ID's in front of each other, enter the ID's manually, and send a test message. This is equivalent to manually verifying a fingerprint in OTR.
Using Tox: URI's to ease entering Tox ID's, Manual Out-Of-Channel Verification
In this scenario, a user creates a Tox: URI which is used to help fill out the Add Friend form. The security of this method depends on the security of the method used to transfer the Tox: URI. See Also.
Using ToxDNS Services to ease entering Tox ID's
ToxDNS services provide an email-like username that can be looked up and will correspond with a Tox ID. These might be difficult to verify, but the meeting in person with the other party and sending a test message can show that messages are going to the intended recipient at that particular moment. See Also.
Useful resources for verification of regular OTR Identities
I'm going to use this information to come up with the content of this page. The principles need to be adapted for Tox but some of them still apply, especially when using ToxDNS.
EFF's How To Use OTR on Window's Guide See sections “Chatting Securely” to “Working with Other Software.”
Cypherpunks guide to Authentication The most complete guide to the traditional methods of verifying OTR fingerprints with libpurple.
Adium Off-The-Record Documentation Pretty decent glossary.