Suppose Alice wishes to connect with Bob using only global discovery. She has Bob’s device ID and queries the discosrv for Bob’s connection information namely the IP address and port number. From my understanding, at the point the discosrv replies Alice with Bob’s connection information and does not inform Bob that someone has tried to look up his connection information. After obtaining Bob’s connection information, Alice creates the connection and both parties verifies each other’s certificates. Finally, if everything is successful Bob sees a notification on his GUI asking him to either accept or deny the connection.
Is what I just described correct?
EDIT: Acutally, I’m not sure whether certificate verification happens before or after Bob see the notification.
I guess this describes the case where Bob doesn’t know about Alice from before. What happens in that case is that Bob drops the connection immediately upon receiving Alice’s certificate (as it’s unknown), and then presents the GUI popup asking to accept or not. If it’s accepted, the next connection attempt will go through.