[Security] TLS Certificates Verification
melo at simplicidade.org
Wed Aug 20 11:26:41 CDT 2008
(just joined the list so still catching up on archives, please forgive
if I'm sending something you've discussed before)
On Aug 20, 2008, at 5:23 PM, Jonathan Schleifer wrote:
> Dave Cridland <dave at cridland.net> wrote:
>> In fact, I think certificates are actually the best approach,
>> because they're better understood, the IPR impact is clearer, they
>> provide a wide range of options for initial and subsequent
>> authentication, and both users and developers are more exposed to
>> them, hence more likely to accept and trust them. I think we have a
>> solid base there from leap-of-faith to fingerprinting to work with.
> I disagree. For the average user, they are the worst possible
> They are scared by a long fingerprint or having to create a
> etc. Very scared! And it's not user friendly to have the user waiting
> until a key is generated…
For the average user, I liked this approach over self-signed
I would use and be happy with a system like that.
This for human-to-human scenario.
XMPP ID: melo at simplicidade.org
More information about the Security