Another entry in the internet security hall of shame....
Eric Rescorla
ekr at rtfm.com
Thu Aug 25 17:09:48 EDT 2005
Ian G <iang at systemics.com> writes:
> Trei, Peter wrote:
>
>> Self-signed certs are only useful for showing that a given
>> set of messages are from the same source - they don't provide
>> any trustworthy information as to the binding of that source
>> to anything.
>
> Perfectly acceptable over chat, no? That is,
> who else would you ask to confirm that you're
> chatting to your buddy?

Most chat protocols (and Jabber in particular) are server-oriented
protocols. So, the SSL certificate in question isn't that of your
buddy but rather of your Jabber server.
-Ekr
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com