[Security] TLS Certificates Verification

Peter Saint-Andre stpeter at stpeter.im
Mon Aug 18 16:16:36 CDT 2008


Jonathan Schleifer wrote:

>> I must say, I find SAS fairly user unfriendly as well. At least with a
>> fingerprint
>> type mechanism I can go out of band to someone's web site and check
>> the fingerprint. With SAS, I have to actually call them on the phone.
> 
> Having a short, 5 digits long SAS is far more userfriendly than having
> a full fingerprint. Calling is also an extra security thing. You
> *HEAR* that it's the person you want to talk to.

I don't know what you're supposed to sound like. :)

/psa

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7338 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/security/attachments/20080818/fb7ecef0/attachment-0001.bin 


More information about the Security mailing list