Comment by userbinator
11 years ago
The SSH approach is exactly what I was thinking of, where you know the fingerprint of the other side you're connecting to.
I believe verification should be done out-of-band, using some other way (e.g. advertising) to transmit the fingerprint to the users. I've used self-signed certificates to collaborate over HTTPS with people I know in real life, and all I do is give them little pieces of paper with my cert printed on them.
With SSH you usually own both endpoints (or at least trust your cloud provider).
The example you give with regards to exchanging a piece of paper is very similar. It's ridiculously hard to do such a thing on large scale without trusting intermediaries.
I'm putting my eggs on certificate pinning.
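Both comments above turn on the same mechanism: a fingerprint that is computed locally from the peer's public key and compared against a value obtained out-of-band (a printed slip of paper, an advertisement, a pinned value shipped with the client). The block below is an added example, not code from either commenter, showing how OpenSSH-style `SHA256:` fingerprints are derived from an `ssh-ed25519` key blob as found in a `known_hosts` line, and how a pinned fingerprint is checked in constant time. The host name, key bytes and comment are constructed sample values, and `PINNED` stands in for the fingerprint a user would have received out-of-band.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string: uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def build_ed25519_blob(raw_pubkey: bytes) -> bytes:
    """Build the public-key blob that OpenSSH base64-encodes in known_hosts for ssh-ed25519."""
    if len(raw_pubkey) != 32:
        raise ValueError("Ed25519 public keys are exactly 32 bytes")
    return ssh_string(b"ssh-ed25519") + ssh_string(raw_pubkey)


def parse_known_hosts_line(line: str) -> bytes:
    """Return the decoded key blob from a 'host keytype base64 [comment]' known_hosts line."""
    fields = line.split()
    if len(fields) < 3:
        raise ValueError("malformed known_hosts line")
    key_type, b64 = fields[1], fields[2]
    blob = base64.b64decode(b64, validate=True)
    # Cross-check: the type string embedded in the blob must match the declared key type.
    (declared_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + declared_len] != key_type.encode():
        raise ValueError("key type mismatch between field and blob")
    return blob


def fingerprint_sha256(blob: bytes) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' followed by unpadded base64 of SHA-256(blob)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def matches_pinned(blob: bytes, pinned: str) -> bool:
    """Compare the computed fingerprint against the out-of-band pinned one in constant time."""
    return hmac.compare_digest(fingerprint_sha256(blob).encode(), pinned.encode())


# Constructed sample data (not a real host or key): 32 arbitrary bytes stand in for a public key.
SAMPLE_RAW_KEY = bytes(range(32))
SAMPLE_BLOB = build_ed25519_blob(SAMPLE_RAW_KEY)
SAMPLE_LINE = "example.invalid ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode() + " constructed-sample"
# The value the user would have received out-of-band (here derived from the sample key itself).
PINNED = fingerprint_sha256(SAMPLE_BLOB)


if __name__ == "__main__":
    blob = parse_known_hosts_line(SAMPLE_LINE)
    print("computed :", fingerprint_sha256(blob))
    print("pinned   :", PINNED)
    print("match    :", matches_pinned(blob, PINNED))
    # A different key (all zero bytes) must not match the pinned fingerprint.
    print("other key:", matches_pinned(build_ed25519_blob(bytes(32)), PINNED))
```

The fingerprint is computed over the whole wire-format blob (type string plus key material), not over the raw key bytes alone, which is why the type cross-check in the parser matters: a `known_hosts` entry whose declared type disagrees with its blob is rejected rather than silently fingerprinted.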