On Mar 11, 2014, at 1:15 PM, Tony Arcieri <[email protected]> wrote:
> To flip the question around: are key fingerprints / TOFU a good way to verify
> a server's identity? I personally don't think so
I think the answer to that question comes from the ease to which SSH fails.
It's the canonical TOFU protocol, and its failures suggest an answer.
Jon
_______________________________________________
Messaging mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/messaging
