[messaging] Are we pursuing real solutions for security?

Jon Callas jon at callas.org
Tue Mar 11 15:09:03 PDT 2014


On Mar 11, 2014, at 1:15 PM, Tony Arcieri <bascule at gmail.com> wrote:

> To flip the question around: are key fingerprints / TOFU a good way to verify a server's identity? I personally don't think so

I think the answer to that question comes from the ease to which SSH fails. It's the canonical TOFU protocol, and its failures suggest an answer.

	Jon




More information about the Messaging mailing list