[jdev] Re: TLS and self-signed certs
Justin Karneges
justin-keyword-jabber.093179 at affinix.com
Fri Nov 12 00:07:54 CST 2004
On Thursday 11 November 2004 07:54 pm, Neil Stevens wrote:
> On Thursday 11 November 2004 05:06 pm, Justin Karneges wrote:
> > While JD's comments sum this up nicely, I just want to reiterate loudly
> > that self-signed certificates alone truly are worthless. I'm not even
> > talking about man in the middle attacks either. As a form of identity,
> > a self-signed cert is as effective as the "From:" header in good old
> > SMTP, and this would allow spammers to get right in and start faking
> > domains.
>
> Wrong. If a certificate remains unchanged, then you know that as long as
> it is unchanged, you're continuing to connect to the server you connected
> to in the past.
>
> You can't know if there's a man-in-the-middle in progress when you first
> connect, but if you're remembering the certificate and someone tries one after
> a while, you will be able to detect that.
>
> ssh does this, for example.

You're absolutely right. I wasn't discussing caching.

That said, on the subject of caching, XMPP servers should be a bit more strict
than most of us probably are with ssh, if only to curb spam. Using dialback
on the first connection might be acceptable.

And now that I think about it, the whole "use dialback for the first
connection, SASL EXTERNAL for all after" concept would be a good way to
optimize s2s.

-Justin
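
The policy sketched in this thread (dialback on the first connection, then SASL EXTERNAL for as long as the cached certificate is unchanged), as an added example that is not part of the original message or of any XMPP server's code. The class name, the action names and the choice to flag a changed certificate instead of silently re-pinning it are assumptions; the certificates are constructed byte strings.

```python
import hashlib
import hmac


class S2SPinStore:
    """Trust-on-first-use cache of peer certificate fingerprints, keyed by domain."""

    def __init__(self):
        self.pins = {}  # domain -> SHA-256 hex fingerprint of the DER certificate

    @staticmethod
    def fingerprint(cert_der: bytes) -> str:
        return hashlib.sha256(cert_der).hexdigest()

    def decide(self, domain: str, cert_der: bytes) -> str:
        """Return the action for an s2s connection whose peer claims `domain`."""
        pinned = self.pins.get(domain.lower())
        if pinned is None:
            # Never seen: a self-signed cert alone proves nothing about the domain.
            return "dialback"
        if hmac.compare_digest(pinned, self.fingerprint(cert_der)):
            # Same certificate that was presented when dialback succeeded.
            return "sasl-external"
        # Certificate changed since it was pinned (assumed policy: do not re-pin).
        return "mismatch"

    def record_dialback_success(self, domain: str, cert_der: bytes) -> None:
        """Pin the certificate only after dialback verified the domain.

        An existing pin is never overwritten here; replacing one is a separate,
        deliberate operator decision in this sketch.
        """
        self.pins.setdefault(domain.lower(), self.fingerprint(cert_der))


def demo():
    store = S2SPinStore()
    cert_a = b"constructed DER bytes: example.org certificate A"
    cert_b = b"constructed DER bytes: a different certificate"
    actions = [store.decide("example.org", cert_a)]       # first contact
    store.record_dialback_success("example.org", cert_a)
    actions.append(store.decide("Example.ORG", cert_a))   # same cert, later
    actions.append(store.decide("example.org", cert_b))   # cert has changed
    return actions


if __name__ == "__main__":
    print(demo())
```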