[messaging] Are we pursuing real solutions for security?

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Mar 11 14:15:45 PDT 2014


On 03/11/2014 04:15 PM, Tony Arcieri wrote:
> To flip the question around: are key fingerprints / TOFU a good way to
> verify a server's identity? I personally don't think so

Sure, we have lots of UI/UX problems with manual fingerprint checking,
and there are subtle failures involved with TOFU and other schemes.  If
you want to suggest another mechanism to cryptographically verify a
server's identity, please do!  It would be a shame to miss a viable option.

	--dkg
