[JDEV] Dialback and STARTTLS
Justin Karneges
justin-keyword-jabber.093179 at affinix.com
Thu Nov 20 18:46:46 CST 2003

TLS already proves who each party is, so using dialback in combination would
just be redundant (and less secure).

I hope you're not planning on using a cert-less TLS between servers. That
would be a really bad precedent to set.

-Justin

On Thursday 20 November 2003 01:52 pm, Peter Saint-Andre wrote:
> On Thu, Nov 20, 2003 at 09:53:52PM +0100, Matthias Wimmer wrote:
> > Hi!
> >
> > If Dialback is implemented together with STARTTLS, what is the intended
> > layering of these two protocols?
> > Should dialback be used first and TLS started afterwards, or should TLS
> > be started first (should it be used for the dialback connection as well)?
> >
> > Or is it forbidden to use STARTTLS together with dialback?
>
> I think dialback should be done first, then TLS. Applying dialback first
> ensures that the domain names have been validated, and there is nothing
> in the dialback negotiation that really requires channel encryption as
> far as I can see.
>
> > HAM: DB1MW xmpp:mawis at charente.de
>
> Hmm, what about the HAM transport? ;-)
>
> /psa