[Security] TLS Certificates Verification
dmeyer at tzi.de
Mon Aug 18 14:25:08 CDT 2008
Jonathan Schleifer wrote:
> "Eric Rescorla" <ekr at rtfm.com> wrote:
>> They will if the software just does it.
> So the software automatically signs people I talk to? I also talk to
> people whom I don't trust. This is a bad idea. Really bad.
No, the software will sign your own key on creation, that's all. And
the signature is bogus, it is only there to make TLS happy.
> Having a short, 5 digits long SAS is far more userfriendly than having
> a full fingerprint.
Without fully understanding SAS, a 5 digest something sounds much
better than a fingerprint. Small question to anyone: who checks the
fingerprint openssh prints out when you first connect to a new
machine? I don't.
Paranoid Club meeting this Friday. Now ... just try to find out where!
More information about the Security