20 aug 2008 kl. 12.46 skrev Dirk Meyer:
Yes. IMHO we should start with the question the thread started with. We have a connection (doesn't matter how we got it) and we want to open a verified TLS layer. CA signed certificate, self-signed certificates, web of trust, TLS-SRP. These seems to be the keywords to solve the problem. After we do that we may need users to remember passwords and save keys. How we can do that in a userfriendly way is step 2. But it does not hurt to keep step 2 in mind from time to time to not end up with users comparing key fingerprints.
Ok, let's use this thread and subject for that discussion and try to summarize
where we are. /O
