Another entry in the internet security hall of shame....

Derek Atkins warlord at MIT.EDU
Thu Aug 25 22:46:20 EDT 2005


Quoting Eric Rescorla <ekr at rtfm.com>:

> Most chat protocols (and Jabber in particular) are server-oriented
> protocols. So, the SSL certificate in question isn't that of your
> buddy but rather of your Jabber server.

Think "end-to-end"..  Even jabber has a way to encrypt messages 
end-to-end using
user certificates (or PGP).

> -Ekr

-derek

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord at MIT.EDU                        PGP key available


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list