Ian Grigg <[EMAIL PROTECTED]> writes: > So to say that ITM is consensus is something > that is going to have to be established. Most comsec people I know subscribe to it. I don't have a study to show it.
> In this case, the ITM was a) agreed upon after > the fact to fill in the hole I don't know what this means. If you'd asked a bunch of comsec people what the appropriate threat model for SSL was, they would have given you something very much like SSL. > > > (Actually, I'm not sure what SSH pops up, it's > > > never popped up anything to me? Are you talking > > > about a windows version?) > > SSH in terminal mode says: > > > > "The authenticity of host 'hacker.stanford.edu (171.64.78.90)' can't be > > established. > > RSA key fingerprint is d3:a8:90:6a:e8:ef:fa:43:18:47:4c:02:ab:06:04:7f. > > Are you sure you want to continue connecting (yes/no)? " > > > > I actually find the Firebird popup vastly more understandable > > and helpful. > > > I'm not sure I can make much of your point, > as I've never heard of nor seen a Firebird? What, you've never heard of Google? Mozilla is effectively slimmed down Mozilla. The Mozilla dialog is somewhat more aggressive. -Ekr -- [Eric Rescorla [EMAIL PROTECTED] http://www.rtfm.com/ --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]