[jdev] Re: TLS and self-signed certs
Stephen Marquard
scm at marquard.net
Fri Nov 12 00:11:23 CST 2004
Peter Saint-Andre wrote:
> In article
> <8CDC3525190B624F8F740435C7B9A01D59A2 at heineken.winfessor.com>,
> "JD Conley" <jconley at winfessor.com> wrote:
>
>
>>Allowing self signed (or otherwise untrusted) certs with STARTTLS +
>>EXTERNAL is opening yourself up for a serious security breach.
>
>
> Well, that's another story. But that claim on the URL I provided was
> that it is technically impossible, not inadvisable from a security
> standpoint.
Considering mawis was writing about STARTTLS in an s2s context, I think
one can grant some license to read "it only works with certificates
signed by a trusted CA" as "it's only useful with certificates signed by
a trusted CA".
>>Using it
>>with stream:features over dialback would give you encryption with a self
>>signed cert and trust through the DNS system. STARTTLS + Dialback
>>offers some level of trust along with encryption without having to worry
>>about the complexities of a certificate chain.
>
> Sure. Another possibility is (1) settling on a root CA or (2) becoming a
> root CA.
STARTTLS + Dialback has now been implemented in both jabberd1.4 (in CVS)
and jabberd2 (a patch for s2s), so I think STARTTLS + Dialback should be
encouraged as the basic minimum for s2s traffic, and when there's
agreement on (1) or (2), server administrators could choose to set their
own policies about interconnection (e.g. will only establish s2s
connections with servers with CA-signed certs).
Regards
Stephen
More information about the JDev
mailing list