[OTR-dev] Re: [Gaim-devel] gaim-OTR, AIM DirectIM, and messaging signals
Ian Goldberg
ian at cypherpunks.ca
Wed Feb 22 12:38:48 EST 2006
On Mon, Feb 20, 2006 at 10:35:29PM -0500, Ethan Blanton wrote:
> > And the wiki page would seem to suggest that self-signed certs work just
> > fine. So why would aimencrypt.com offer a constant cert to everyone
> > when they could just offer a little widget to generate a fresh
> > self-signed one?
>
> Not that this would provide a whole lot more (effective) security ...
> because they could just keep and distribute copies of the private
> keys. ;-)
I would *hope* they would do something more secure, involving
client-side generation, but considering what they do now... :-p
- Ian
More information about the OTR-dev
mailing list