Another entry in the internet security hall of shame....
Eric Rescorla
ekr at rtfm.com
Fri Aug 26 00:12:15 EDT 2005
Derek Atkins <warlord at MIT.EDU> writes:
> Quoting Eric Rescorla <ekr at rtfm.com>:
>
>> Most chat protocols (and Jabber in particular) are server-oriented
>> protocols. So, the SSL certificate in question isn't that of your
>> buddy but rather of your Jabber server.
>
> Think "end-to-end".. Even jabber has a way to encrypt messages
> end-to-end using
> user certificates (or PGP).
Absolutely, but that's not the scenario in which this particular
check is occurring...
-Ekr
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list