[Security] TLS Certificates Verification

Eric Rescorla ekr at rtfm.com
Tue Aug 19 12:04:04 CDT 2008

Why is it desirable to use an SAS here? A short, secret key printed on the
top of the STB seems much more convenient.


On Tue, Aug 19, 2008 at 9:56 AM, Jonathan Schleifer
<js-xmpp-security at webkeks.org> wrote:
> Dirk Meyer <dmeyer at tzi.de> wrote:
>> Use case: I want to connect my media network using XMPP. I have a
>> set-top box (bot) and a mobile phone I want to use to control the
>> set-top box. Should I use a CA? Not a good idea.
> This isn't really a bot to bot scenario. Here, you would use SAS, it
> would be like pairing in Bluetooth with a random PIN both need to know.
> --
> Jonathan

More information about the Security mailing list