[Security] TLS Certificates Verification

Jonathan Schleifer js-xmpp-security at webkeks.org
Tue Aug 19 12:07:00 CDT 2008


"Eric Rescorla" <ekr at rtfm.com> wrote:

> Why is it desirable to use an SAS here? A short, secret key printed
> on the top of the STB seems much more convenient.

Uhm, isn't SAS more or less like a short secret key? If you verify an
SAS or a short fingerprint (but fingerprints are never short!), where
is the difference?

-- 
Jonathan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
Url : http://mail.jabber.org/pipermail/security/attachments/20080819/6b71c431/attachment.pgp 


More information about the Security mailing list