On 03/11/2014 04:15 PM, Tony Arcieri wrote: > To flip the question around: are key fingerprints / TOFU a good way to > verify a server's identity? I personally don't think so
Sure, we have lots of UI/UX problems with manual fingerprint checking,
and there are subtle failures involved with TOFU and other schemes. If
you want to suggest another mechanism to cryptographically verify a
server's identity, please do! It would be a shame to miss a viable option.
--dkg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
