New toy: SSLbar

James A. Donald jamesd at
Wed Jul 2 14:05:08 EDT 2003

 On 2 Jul 2003 at 6:04, mister_lee at wrote:
> If you can't get/verify the fingerprint at least once via
> another channel, you can't use SSLbar to verify the cert.
> About the best you can do is ensure that you're seeing the
> same fingerprint every time you visit the site.

In practice, if people were able to ensure they saw the same
cert every time they hit what is purportedly the same site,
this would take out most scams.

Unfortunately, no one is going to memorize fingerprints. 

         James A. Donald

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list