"Eric Rescorla" <[EMAIL PROTECTED]> wrote: > They will if the software just does it.
So the software automatically signs people I talk to? I also talk to people whom I don't trust. This is a bad idea. Really bad. > I must say, I find SAS fairly user unfriendly as well. At least with a > fingerprint > type mechanism I can go out of band to someone's web site and check > the fingerprint. With SAS, I have to actually call them on the phone. Having a short, 5 digits long SAS is far more userfriendly than having a full fingerprint. Calling is also an extra security thing. You *HEAR* that it's the person you want to talk to. -- Jonathan
signature.asc
Description: PGP signature
