[Security] TLS Certificates Verification

Jonathan Schleifer js-xmpp-security at webkeks.org
Thu Aug 21 07:16:28 CDT 2008


On 21.08.2008 at 09:56, Jonathan Dickinson wrote:

> 1. Explain the process to the user.
> 2. Download CA and IC certs and install. Download revocation lists  
> and merge.
> 3. Create certificate with password.
> 4. Ask IC to sign cert.
> 5. [Skippable] Place the certificate on a thumbdrive and configure  
> the program to read it from there.
> 6. [Skippable] Back the certificate up to either CD-RW (recommended)  
> or XMPP server (if we can figure that one out).
> 7. Explain to the user how they can set up an encrypted messaging  
> channel.
> 8. Finish

You have to be kidding. No average user will ever do that. Look at  
Gajim: The only thing the user needs to verify is a short SAS. And  
even that seems to me too much for some people. So how can you have 8  
steps when even a short SAS is already too much for some?

--
Jonathan
