New toy: SSLbar
James A. Donald
jamesd at echeque.com
Wed Jul 2 14:05:08 EDT 2003
--
On 2 Jul 2003 at 6:04, mister_lee at metropipe.net wrote:
> If you can't get/verify the fingerprint at least once via
> another channel, you can't use SSLbar to verify the cert.
> About the best you can do is ensure that you're seeing the
> same fingerprint every time you visit the site.
In practice, if people were able to ensure they saw the same
cert every time they hit what is purportedly the same site,
this would take out most scams.
Unfortunately, no one is going to memorize fingerprints.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
/3xr3PRIl9VwhL3ZVdM2Y6VIS/bUwun0l+Sxa7y8
4q6X4YQoXr6QwwvNJ6wKw/ZRgH6Ssp7tpPgQD6rW/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list