[Security] Perspectives: Improving SSH-style Host Authentication with Multi-Path Probing

Dirk Meyer dmeyer at tzi.de
Fri Aug 29 06:19:16 CDT 2008


Pedro Melo wrote:
> Well, I have this thing called a roster, and some of them I already
> have certified as being the person I expect them to be. And for some
> of those, I actually trust their judgement. So why not asking them if
> they know this person? And if yes, what's the signature they know them
> by?
>
> I'm not saying that the Perspectives proposal is bad, not at al. I
> think its a great way to bootstrap and if it goes forward, something
> we could try and use. But this is XMPP-la-la-land, and maybe we can
> leverage our strengths (aka, the roster) to have something better.

And that will be a web-of-trust. I agree, it looks like a better way
for us to go.

Dirk

-- 
Quitters never win, and winners never quit, but those who never quit AND
never win are idiots.


More information about the Security mailing list