[messaging] Are we pursuing real solutions for security?
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue Mar 11 14:15:45 PDT 2014
On 03/11/2014 04:15 PM, Tony Arcieri wrote:
> To flip the question around: are key fingerprints / TOFU a good way to
> verify a server's identity? I personally don't think so
Sure, we have lots of UI/UX problems with manual fingerprint checking,
and there are subtle failures involved with TOFU and other schemes. If
you want to suggest another mechanism to cryptographically verify a
server's identity, please do! It would be a shame to miss a viable option.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1010 bytes
Desc: OpenPGP digital signature
More information about the Messaging