[messaging] Are we pursuing real solutions for security?
bascule at gmail.com
Tue Mar 11 13:15:01 PDT 2014
On Tue, Mar 11, 2014 at 10:33 AM, Daniel Kahn Gillmor <dkg at fifthhorseman.net
> This use case still a real security issue, and i haven't heard a
> plausible answer yet about how SAS can be used to verify a web server's
> key without introducing a number of troubling vulnerabilities.
To flip the question around: are key fingerprints / TOFU a good way to
verify a server's identity? I personally don't think so
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Messaging