On 20 Aug 2008, at 12:46, Dirk Meyer wrote:
Yes. IMHO we should start with the question the thread started with. We have a connection (doesn't matter how we got it) and we want to open a verified TLS layer. CA signed certificate, self-signed certificates, web of trust, TLS-SRP. These seem to be the keywords to solve the problem. After we do that we may need users to remember passwords and save keys. How we can do that in a user-friendly way is step 2. But it does not hurt to keep step 2 in mind from time to time to not end up with users comparing key fingerprints.
And a fork to discuss guidelines for implementors :-) Feel free to create other forks - but please change the subject! /O
