Re: New toy: SSLbar

2003-07-02 Thread mister_lee
Adam Fields said: On Fri, Jun 27, 2003 at 12:56:24AM +1000, Mister Lee wrote: Regarding the usefulness of SSLbar itself, its immediate purpose was fingerprint display, as a (theoretically) easy means of checking a cert's validity yourself, ... Maybe this is a stupid question, but exactly how

Re: New toy: SSLbar

2003-07-02 Thread James A. Donald
-- On 2 Jul 2003 at 6:04, [EMAIL PROTECTED] wrote: If you can't get/verify the fingerprint at least once via another channel, you can't use SSLbar to verify the cert. About the best you can do is ensure that you're seeing the same fingerprint every time you visit the site. In practice,

Re: New toy: SSLbar

2003-07-02 Thread Barney Wolff
On Wed, Jul 02, 2003 at 11:05:08AM -0700, James A. Donald wrote: In practice, if people were able to ensure they saw the same cert every time they hit what is purportedly the same site, this would take out most scams. What's wrong with the ssh known-hosts approach, for this? Do sites change

Re: New toy: SSLbar

2003-06-30 Thread Adam Fields
On Fri, Jun 27, 2003 at 12:56:24AM +1000, Mister Lee wrote: Regarding the usefulness of SSLbar itself, its immediate purpose was fingerprint display, as a (theoretically) easy means of checking a cert's validity yourself, rather than relying on a third party signing. That list of

Re: New toy: SSLbar

2003-06-26 Thread Mister Lee
Steven M. Bellovin wrote: Please don't take this personally... None taken here either, and I'm the author :) From a security point of view, why should anyone download any plug-in from an unknown party? In this very specific case, why should someone download a plug-in that by its own

Re: New toy: SSLbar

2003-06-25 Thread Pete Chown
Steven M. Bellovin wrote: From a security point of view, why should anyone download any plug-in from an unknown party? In this very specific case, why should someone download a plug-in that by its own description is playing around in the crypto arena. I think this is a problem for all open

Re: New toy: SSLbar

2003-06-25 Thread Ian Grigg
Steven M. Bellovin wrote: Please don't take this personally... None taken here, and I doubt that the author of the tool (who has just joined this list it seems) would take any! From a security point of view, why should anyone download any plug-in from an unknown party? In this very specific

Re: New toy: SSLbar

2003-06-25 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Ian Grigg writes: Also, to impugn the plug-in arrangement is to impugn all plug-ins, and to impugn the download from an unknown is to impugn all downloads from unknowns. Sounds about right... ... I.e., download this fantastic tool which just so annoyingly

Re: New toy: SSLbar

2003-06-25 Thread Andy Isaacson
On Wed, Jun 25, 2003 at 12:02:39PM +0100, Pete Chown wrote: On the other hand, once a back door is installed in binary-only software, it is much less likely to be found. The Interbase back door was only found when the source was opened. I doubt the truth of this statement. Certainly, the

Re: New toy: SSLbar

2003-06-24 Thread Steven M. Bellovin
It's a toolbar for Mozilla (and related web browsers) that automatically displays the SHA1 or MD5 fingerprint of the SSL certificate when you visit an SSL secured web site. You could of course click the little padlock icon and dig through a couple of dialogs to see it, but it's much easier