[13749] in cryptography@c2.net mail archive
Re: New toy: SSLbar
daemon@ATHENA.MIT.EDU (James A. Donald)
Wed Jul 2 14:49:14 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: "James A. Donald" <jamesd@echeque.com>
To: cryptography@metzdowd.com
Date: Wed, 2 Jul 2003 11:05:08 -0700
In-reply-to: <37905.141.76.1.121.1057125845.squirrel@mail.metropipe.net>
--
On 2 Jul 2003 at 6:04, mister_lee@metropipe.net wrote:
> If you can't get/verify the fingerprint at least once via
> another channel, you can't use SSLbar to verify the cert.
> About the best you can do is ensure that you're seeing the
> same fingerprint every time you visit the site.
In practice, if people were able to ensure they saw the same
cert every time they hit what is purportedly the same site,
this would take out most scams.
Unfortunately, no one is going to memorize fingerprints.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
/3xr3PRIl9VwhL3ZVdM2Y6VIS/bUwun0l+Sxa7y8
4q6X4YQoXr6QwwvNJ6wKw/ZRgH6Ssp7tpPgQD6rW/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
