[JDEV] Dialback and STARTTLS
Matthias Wimmer
m at tthias.net
Fri Nov 21 01:39:00 CST 2003
Hi Justin!
Justin Karneges wrote on 2003-11-20 16:46:46:
> TLS already proves who each party is, so using dialback in combination would
> just be redundant (and less secure).
>
> I hope you're not planning on using a cert-less TLS between servers. That
> would be a really bad precedent to set.
There are not many servers with certificates signed by one of the big CAs -
I know none. Therefore we still need dialback. But it would be nice
for these connections to be at least protected against passive attacks by
encrypting the stream.
I agree that this is not how it should be ideally, but it wouldn't help
XMPP/Jabber if we require each server to own a commercial certificate as
we would lose most if not all free servers.
See you
Matthias
--
Fon: +49-(0)70 0770 07770 http://matthias.wimmer.name/
HAM: DB1MW xmpp:mawis at charente.de