Ian Grigg <[EMAIL PROTECTED]> writes:
> So to say that ITM is consensus is something
> that is going to have to be established.
Most comsec people I know subscribe to it. I don't
have a study to show it.

> In this case, the ITM was a) agreed upon after
> the fact to fill in the hole
I don't know what this means. If you'd asked a bunch of
comsec people what the appropriate threat model for SSL
was, they would have given you something very much 
like SSL.

> > > (Actually, I'm not sure what SSH pops up, it's
> > > never popped up anything to me?  Are you talking
> > > about a windows version?)
> > SSH in terminal mode says:
> > 
> > "The authenticity of host 'hacker.stanford.edu (' can't be 
> > established.
> > RSA key fingerprint is d3:a8:90:6a:e8:ef:fa:43:18:47:4c:02:ab:06:04:7f.
> > Are you sure you want to continue connecting (yes/no)? "
> > 
> > I actually find the Firebird popup vastly more understandable
> > and helpful.
> I'm not sure I can make much of your point,
> as I've never heard of nor seen a Firebird?
What, you've never heard of Google?

Mozilla is effectively slimmed down Mozilla. The Mozilla dialog is
somewhat more aggressive.


[Eric Rescorla                                   [EMAIL PROTECTED]

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to