[Security] TLS Certificates Verification
Jonathan Schleifer
js-xmpp-security at webkeks.org
Tue Aug 19 12:07:00 CDT 2008
"Eric Rescorla" <ekr at rtfm.com> wrote:
> Why is it desirable to use an SAS here? A short, secret key printed
> on the top of the STB seems much more convenient.
Uhm, isn't SAS more or less like a short secret key? If you verify an
SAS or a short fingerprint (but fingerprints are never short!), where
is the difference?
--
Jonathan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
Url : http://mail.jabber.org/pipermail/security/attachments/20080819/6b71c431/attachment.pgp
More information about the Security
mailing list