I’m going to tackle both these points together. Show me the official documentation that shows the bootstrapping process - you haven’t so far. We also are not talking about how solid a particular encryption algorithm is - it’s irrelevant to this discussion because I’m not claiming anything can be decrypted.
Other than the odd mention of bootstrapping in whitepapers and such the most “official” documentation I could find is this forum post which is “liked” by David and Fraser - so I have to assume accurate:
Here is an extract from that post:
In this case we see that Client (A) connects to an IP-address (B) and provides it’s public key. If Client (A) is new to B than B will add Client A to it’s Client map. It will also provide it’s own public key to A.
I don’t know how interpret this any other way than: A and B may be encountering each other for the first time and have no prior knowledge (somehow A knows B’s IP address though). They then EXCHANGE keys.
What am I to think? This is the closest thing to proof I have on the matter - plus Davids acknowledgement early on that this process could work.