[18285] in cryptography@c2.net mail archive


Re: Another entry in the internet security hall of shame....

daemon@ATHENA.MIT.EDU (Adam Back)
Fri Aug 26 08:51:52 2005

X-Original-To: cryptography@metzdowd.com
Date: Fri, 26 Aug 2005 04:24:32 -0400
From: Adam Back <adam@cypherspace.org>
To: Eric Rescorla <ekr@rtfm.com>
Cc: Ian G <iang@systemics.com>,
	"Trei, Peter" <ptrei@rsasecurity.com>,
	Peter Saint-Andre <stpeter@jabber.org>, cryptography@metzdowd.com,
	Adam Back <adam@cypherspace.org>
In-Reply-To: <86hdddbu5f.fsf@romeo.rtfm.com>

That's broken, just like the "WAP GAP" ... for security you want
end2end security, not a secure channel to a UTP (untrusted third
party)!

Adam

On Thu, Aug 25, 2005 at 02:09:48PM -0700, Eric Rescorla wrote:
> Most chat protocols (and Jabber in particular) are server-oriented
> protocols. So, the SSL certificate in question isn't that of your
> buddy but rather of your Jabber server. 
