[Security] About the Firefox 3 Security Dialog & others

Jonathan Schleifer js-xmpp-security at webkeks.org
Fri Aug 22 12:14:38 CDT 2008


Am 22.08.2008 um 19:12 schrieb Dave Cridland:

> Average Joe compatible is, I suspect, using leap-of-faith, but  
> anyway, yes, we absolutely can have a number of verification  
> options, including, as I said in my previous message, something  
> "which could look very, very like the SAS".

Uhm, what exactly do you understand by leap of faith? Like in SSH,  
that you accept the key the first time and it is remembered? I  
consider that very insecure. Doing that would be evil. An SAS would be  
better there IMO :).

--
Jonathan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 801 bytes
Desc: This is a digitally signed message part
Url : http://mail.jabber.org/pipermail/security/attachments/20080822/3c67cc68/attachment.pgp 


More information about the Security mailing list