WYTM?

[Eric Rescorla]

Ian Grigg <iang at systemics.com> writes:
> So to say that ITM is consensus is something
> that is going to have to be established.
Most comsec people I know subscribe to it. I don't
have a study to show it.

> In this case, the ITM was a) agreed upon after
> the fact to fill in the hole
I don't know what this means. If you'd asked a bunch of
comsec people what the appropriate threat model for SSL
was, they would have given you something very much 
like SSL.

> > > (Actually, I'm not sure what SSH pops up, it's
> > > never popped up anything to me?  Are you talking
> > > about a windows version?)
> > SSH in terminal mode says:
> > 
> > "The authenticity of host 'hacker.stanford.edu (171.64.78.90)' can't be established.
> > RSA key fingerprint is d3:a8:90:6a:e8:ef:fa:43:18:47:4c:02:ab:06:04:7f.
> > Are you sure you want to continue connecting (yes/no)? "
> > 
> > I actually find the Firebird popup vastly more understandable
> > and helpful.
> 
> 
> I'm not sure I can make much of your point,
> as I've never heard of nor seen a Firebird?
What, you've never heard of Google?

Mozilla is effectively slimmed down Mozilla. The Mozilla dialog is
somewhat more aggressive.

-Ekr

-- 
[Eric Rescorla                                   ekr at rtfm.com]
                http://www.rtfm.com/

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com