Key warning when initiating echo chat

[Norbert80]

Kontalk lists myself as contact. I started a conversation with myself. First I had to confirm a red message about accepting changed keys. Now I get my own echo. :-)

[webratte]

As far as i know it's a feature not a bug ;-)
I like it for making me memos.
I hope it will stay also in future versions.

[Norbert80]

This is a messenger. Not a memo tool... ts

[daniele-athome]

Writing to yourself is perfectly normal for an XMPP service, especially because it allows you to exchange messages and data between all the devices connected to the account.
The key warning might be a bug instead. I'll investigate.

[webratte]

@Norbert80 I'm using this feature still this way and I like it :-P

I'm also use it to send me memos to (e.g. Hyperlinks) my PC via Kontalk Desktopclient (like @daniele-athome said).

[Norbert80]

@webratte there are apps like Google Keep that are synchronising.

[webratte]

@Norbert80 Maybe. But why should I install another App if Kontalk do the same work for me? ;-)

But I think this is not the right place for this discussion.
There are forums in the www for thing like this :-)
I will stop it now.

[Norbert80]

@daniele-athome does your patch just accept each key when chatting with onselfe? Or does it really use the local stored key?

Background of my question is to ensure to recognise man-in-the-middle attacks also for echo chats.

[daniele-athome]

@Norbert80 it uses the server-provided key for encrypting, but it still uses the local key for decrypting. That way, if decryption or signature verification fail, you're probably facing a MITM attack. Although the user is not explicitly warned in this case (just the usual red alert badge on the message; you need to open message details to know more).