Another entry in the internet security hall of shame....
Derek Atkins
warlord at MIT.EDU
Thu Aug 25 22:46:20 EDT 2005
Quoting Eric Rescorla <ekr at rtfm.com>:
> Most chat protocols (and Jabber in particular) are server-oriented
> protocols. So, the SSL certificate in question isn't that of your
> buddy but rather of your Jabber server.
Think "end-to-end".. Even jabber has a way to encrypt messages
end-to-end using
user certificates (or PGP).
> -Ekr
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord at MIT.EDU PGP key available
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list