Another entry in the internet security hall of shame....
Aaron Whitehouse
lists at whitehouse.org.nz
Fri Aug 26 20:24:24 EDT 2005
Ian G wrote:
> Using SSL is the wrong tool
> for the job. It's a chat message - it should be
> encrypted end to end, using either OpenPGP or
> something like OTR. And even then, you've only
> covered about 10% of the threat model - the
> server.
>
> But, if people do use the wrong tool for the
> job, they will strike these issues...
Wasn't this the reason that Silc (http://www.silcnet.org) was born?
Because the attempts to add security as an overlay onto existing IM were
the wrong way to approach the problem?
Personally I use Silc for my secure conversations; I wouldn't feel much
safer at all if my connection to the Microsoft server was the only part
of my message encrypted.
Aaron