[18284] in cryptography@c2.net mail archive

Re: Another entry in the internet security hall of shame....

daemon@ATHENA.MIT.EDU (Eric Rescorla)
Fri Aug 26 08:51:36 2005

X-Original-To: cryptography@metzdowd.com
To: Derek Atkins <warlord@MIT.EDU>
Cc: Ian G <iang@systemics.com>,
	"Trei, Peter" <ptrei@rsasecurity.com>,
	Peter Saint-Andre <stpeter@jabber.org>, cryptography@metzdowd.com
Reply-To: EKR <ekr@rtfm.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 25 Aug 2005 21:12:15 -0700
In-Reply-To: <20050825224620.syddzv69wt8kk4cc@webmail.mit.edu> (Derek
 Atkins's message of "Thu, 25 Aug 2005 22:46:20 -0400")

Derek Atkins <warlord@MIT.EDU> writes:

> Quoting Eric Rescorla <ekr@rtfm.com>:
>
>> Most chat protocols (and Jabber in particular) are server-oriented
>> protocols. So, the SSL certificate in question isn't that of your
>> buddy but rather of your Jabber server.
>
> Think "end-to-end"..  Even jabber has a way to encrypt messages
> end-to-end using user certificates (or PGP).

Absolutely, but that's not the scenario in which this particular
check is occurring...

-Ekr

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
