Another entry in the internet security hall of shame....
Adam Back
adam at cypherspace.org
Fri Aug 26 04:24:32 EDT 2005
Thats broken, just like the "WAP GAP" ... for security you want
end2end security, not a secure channel to an UTP (untrusted third
party)!
Adam
On Thu, Aug 25, 2005 at 02:09:48PM -0700, Eric Rescorla wrote:
> Most chat protocols (and Jabber in particular) are server-oriented
> protocols. So, the SSL certificate in question isn't that of your
> buddy but rather of your Jabber server.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list