Hi,

(just joined the list so still catching up on archives, please forgive if I'm sending something you've discussed before)


On Aug 20, 2008, at 5:23 PM, Jonathan Schleifer wrote:

> Dave Cridland <[EMAIL PROTECTED]> wrote:
>
>> In fact, I think certificates are actually the best approach,
>> because they're better understood, the IPR impact is clearer, they
>> provide a wide range of options for initial and subsequent
>> authentication, and both users and developers are more exposed to
>> them, hence more likely to accept and trust them. I think we have a
>> solid base there from leap-of-faith to fingerprinting to work with.
>
> I disagree. For the average user, they are the worst possible scenario.
> They are scared by a long fingerprint or having to create a certificate,
> etc. Very scared! And it's not user friendly to have the user waiting
> until a key is generated…

For the average user, I liked this approach over self-signed certificates: http://mooseyard.com/Jens/2008/04/cloudy-verification/

I would use and be happy with a system like that.

This is for the human-to-human scenario.

Best regards,
--
Pedro Melo
Blog: http://www.simplicidade.org/notes/
XMPP ID: [EMAIL PROTECTED]
Use XMPP!

