--
 On 2 Jul 2003 at 6:04, [EMAIL PROTECTED] wrote:
> If you can't get/verify the fingerprint at least once via
> another channel, you can't use SSLbar to verify the cert.
> About the best you can do is ensure that you're seeing the
> same fingerprint every time you visit the site.

In practice, if people were able to ensure they saw the same
cert every time they hit what is purportedly the same site,
this would take out most scams.

Unfortunately, no one is going to memorize fingerprints. 

    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     /3xr3PRIl9VwhL3ZVdM2Y6VIS/bUwun0l+Sxa7y8
     4q6X4YQoXr6QwwvNJ6wKw/ZRgH6Ssp7tpPgQD6rW/


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to