[messaging] Are we pursuing real solutions for security?
Tony Arcieri
bascule at gmail.com
Tue Mar 11 13:15:01 PDT 2014
On Tue, Mar 11, 2014 at 10:33 AM, Daniel Kahn Gillmor <dkg at fifthhorseman.net
> wrote:
> This use case still a real security issue, and i haven't heard a
> plausible answer yet about how SAS can be used to verify a web server's
> key without introducing a number of troubling vulnerabilities.
To flip the question around: are key fingerprints / TOFU a good way to
verify a server's identity? I personally don't think so
--
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140311/c2a85719/attachment.html>
More information about the Messaging
mailing list