[messaging] Are we pursuing real solutions for security?
jon at callas.org
Tue Mar 11 15:09:03 PDT 2014
On Mar 11, 2014, at 1:15 PM, Tony Arcieri <bascule at gmail.com> wrote:
> To flip the question around: are key fingerprints / TOFU a good way to verify a server's identity? I personally don't think so
I think the answer to that question comes from the ease to which SSH fails. It's the canonical TOFU protocol, and its failures suggest an answer.
More information about the Messaging