[Security] TLS Certificates Verification

Eric Rescorla ekr at rtfm.com
Mon Aug 18 09:55:48 CDT 2008

On Mon, Aug 18, 2008 at 7:42 AM, Jonathan Schleifer
<js-xmpp-security at webkeks.org> wrote:
> "Eric Rescorla" <ekr at rtfm.com> wrote:
>> They will if the software just does it.
> So the software automatically signs people I talk to? I also talk to
> people whom I don't trust. This is a bad idea. Really bad.

I don't think you and I are talking about the same thing when we talk about
signing keys. I'm talking about self-signed certs, which is what I read
the message you were responding to be talking about. I agree that having
users sign each other's keys is problematic for a number of reasons.

>> I must say, I find SAS fairly user unfriendly as well. At least with a
>> fingerprint type mechanism I can go out of band to someone's web site
>> and check the fingerprint. With SAS, I have to actually call them on
>> the phone.
> Having a short, 5 digits long SAS is far more user-friendly than having
> a full fingerprint.

While I agree that manually comparing a short string is easier than manually
comparing a long string, that's not the only tradeoff to be made here, and
as I said, the use model for an SAS is inherently a lot more problematic
than the use model for a fingerprint. More on this at:

> Calling is also an extra security thing. You
> *HEAR* that it's the person you want to talk to.

Yes, it's a highly inconvenient security thing, which is why I find it
implausible that people will do it. I, for one, use XMPP with lots
of people whom I've never spoken on the phone with.

