GitLab

Created by: cobratbq

Upon receiving an Identity message, we verify the public keys provided by Bob. (Point Y and public key B) However, upon receiving an Auth-R message we immediately continue using the public keys provided to us in the AUTH_R message. (See section "To verify an Auth-R message".)

Is this intentional? If so, why is this not needed, because the applications seem rather symmetric, so I don't see why one would be more trustworthy than the other.