[Security] TLS Certificates Verification

Eric Rescorla ekr at rtfm.com
Tue Aug 19 14:26:46 CDT 2008


On Tue, Aug 19, 2008 at 12:06 PM, Jonathan Dickinson <jonathanD at k2.com> wrote:
> Very good point Justin. Even if we implement SRP chances are that you could get a few lazy developers that don't quit on the documented failure points. Something simple to implement (I am going to read up on OTR now :)) may be a good solution.

Well, this is always a possibility, but PAKE-style systems are
actually more robust
here, sicne you get mismatched keys if the passwords are not equal.
The major way to get hosed is to accept a bogus DH group.

-Ekr


More information about the Security mailing list