[JDEV] SSL & Valid Certificates

Robert Temple Robert.Temple at dig.com
Wed Apr 17 18:32:12 CDT 2002 

I am using the crypto API, so I will use the Windows Certificate store.
Thanks for the feedback, I will let the users know when there is a 
problem with a cert.

-Robert

> -----Original Message-----
> From: Michael F Lin [mailto:MFLIN at us.ibm.com]
> Sent: Wednesday, April 17, 2002 2:48 PM
> To: jdev at jabber.org
> Subject: Re: [JDEV] SSL & Valid Certificates
> 
> 
> 
> I would say that if you have access to system certificate 
> APIs and stores
> (e.g. the Windows CryptoAPI, or whatever Mozilla uses), it might be
> worthwhile to verify the certificate chain. Otherwise I would 
> say it is
> unlikely to be worthwhile to expend the programmatic effort 
> of maintaining
> your own certificate stores and so on. Jabber traffic in general is
> unlikely to be worth the effort necessary to hijack a DNS 
> name and set up a
> server with bogus certificates, and if it is that sensitive 
> it should rely
> on something more end-to-end than TLS.
> 
> -Mike
> 
> 
> 
> |---------+---------------------------->
> |         |           Robert Temple    |
> |         |           <Robert.Temple at di|
> |         |           g.com>           |
> |         |           Sent by:         |
> |         |           jdev-admin at jabber|
> |         |           .org             |
> |         |                            |
> |         |                            |
> |         |           04/14/2002 02:55 |
> |         |           AM               |
> |         |           Please respond to|
> |         |           jdev             |
> |         |                            |
> |---------+---------------------------->
>   
> >-------------------------------------------------------------
> -----------------------------------------------------------------|
>   |                                                           
>                                                                    |
>   |       To:       "'jdev at jabber.org'" <jdev at jabber.org>     
>                                                                    |
>   |       cc:                                                 
>                                                                    |
>   |       Subject:  [JDEV] SSL & Valid Certificates           
>                                                                    |
>   |                                                           
>                                                                    |
>   |                                                           
>                                                                    |
>   
> >-------------------------------------------------------------
> -----------------------------------------------------------------|
> 
> 
> 
> Should clients that support SSL connections to a jabber 
> server check to
> make sure that the servers certificate is valid?  i.e. check 
> if the names
> match, the root is trusted, its not expired, etc.   If they 
> should then I
> plan to tell the user that there is an issue with the certificate like
> Internet Explorer does, and ask them if they want to remain connected.
> 
> Thanks,
> Robert
> 
> 
> 
> _______________________________________________
> jdev mailing list
> jdev at jabber.org
> http://mailman.jabber.org/listinfo/jdev
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.jabber.org/jdev/attachments/20020417/742855d2/attachment-0002.htm>

More information about the JDev mailing list