I'm no security expert, but I don't think you even need an out-of-band key exchange mechanism. Just use public key cryptography [1], as used in SSH/TLS/PGP/GPG.
I was about to write this response, but I see that it is more clearly written in the wikipedia article already:
Another potential security vulnerability in using asymmetric keys is the possibility of a man-in-the-middle attack, in which communication of public keys is intercepted by a third party and modified to provide different public keys instead. Encrypted messages and responses must also be intercepted, decrypted and re-encrypted by the attacker using the correct public keys for different communication segments in all instances to avoid suspicion. This attack may seem to be difficult to implement in practice, but it's not impossible when using insecure media (e.g. public networks such as the Internet or wireless communications). A malicious staff member at Alice or Bob's ISP might find it quite easy to carry out. In the earlier postal analogy, Alice would have to have a way to make sure that the lock on the returned packet really belongs to Bob before she removes her lock and sends the packet back. Otherwise the lock could have been put on the packet by a corrupt postal worker pretending to be Bob to Alice.
The workaround is to either exchange the public keys out of band, or distribute a certificate which can be used to verify public keys out of band.
This could be very painful for the likes of Mahalo. I remember Jason Calcanis mentioning, perhaps when he first noted a change of direction for Mahalo to high-quality content, that he'll make sure Mahalo is the number one Google result for "how to cook a turkey" and similar queries, where they've spent hundreds of dollars (maybe more) on quality content, notably videos. I just Googled "how to cook a turkey", without quotes, and Mahalo is nowhere to be seen! Not sure if tha
t's a good thing or a bad thing, but the guys at Mahalo might just be freaking out right now.
Yeah, it's overlooked by many that the Chrome isn't all that extensible compared to what you can do in Firefox with addons. Chrome's developer tools are built in because they must be, whereas Firebug should be able to do anything that Firefox does natively (though I think it may be mostly Javascript now).
They're only about an hour to 1.5 hours long, and there's only 6 of them. They are supposed to be spread over a 6 week period. So every week for six weeks, you need to find an hour to spend listening to the talk for that week.
You will be meditating during part of the talk. Other days, you will meditate 20-30 minutes. This is not a large time commitment, and since you're on HN, I'm guessing you'd be able to manage.
Good luck! The first two talks have been pretty nice so far.
