@clacke How long do you cache something that's supposed to be delivered asynchronously? If it's cached, who holds that information? If the two peers who hold this information are very seldom online at the same time, how long is an acceptable delivery delay? If magic distribution via third parties is possible, how is this information protected?

Say what, you mean that users enjoy reading and comparing fingerprints, never fail to take encryption and verification instructions seriously and also back up their secret keys in a non-ridiculous manner? Well then, I guess it's all fine and dandy. Forget I ever said anything .)