[18283] in cryptography@c2.net mail archive
Re: Another entry in the internet security hall of shame....
daemon@ATHENA.MIT.EDU (Derek Atkins)
Fri Aug 26 08:51:04 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Thu, 25 Aug 2005 22:46:20 -0400
From: Derek Atkins <warlord@MIT.EDU>
To: EKR <ekr@rtfm.com>
Cc: Ian G <iang@systemics.com>,
"Trei, Peter" <ptrei@rsasecurity.com>,
Peter Saint-Andre <stpeter@jabber.org>, cryptography@metzdowd.com
In-Reply-To: <86hdddbu5f.fsf@romeo.rtfm.com>
Quoting Eric Rescorla <ekr@rtfm.com>:
> Most chat protocols (and Jabber in particular) are server-oriented
> protocols. So, the SSL certificate in question isn't that of your
> buddy but rather of your Jabber server.
Think "end-to-end".. Even jabber has a way to encrypt messages
end-to-end using
user certificates (or PGP).
> -Ekr
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
