Indeed it is far from straightforward that merely doing a video call suffices to check the keys.
Signal is famously using a special protocol for secure key sharing through the server, which I have not studied.
But as said by another comment, there is no way around verifying explicitly the public key using an independent channel.
Indeed it is far from straightforward that merely doing a video call suffices to check the keys.
Signal is famously using a special protocol for secure key sharing through the server, which I have not studied.
But as said by another comment, there is no way around verifying explicitly the public key using an independent channel.