[jdev] Re: TLS and self-signed certs
Stephen Marquard
scm at marquard.net
Fri Nov 12 00:17:37 CST 2004
Justin Karneges wrote:
> That said, on the subject of caching, XMPP servers should be a bit more strict
> than most of us probably are with ssh, if only to curb spam. Using dialback
> on the first connection might be acceptable.
>
> And now that I think about it, the whole "use dialback for the first
> connection, SASL EXTERNAL for all after" concept would be a good way to
> optimize s2s.
Or rather, use dialback whenever there isn't a cached key available, or
the cached key doesn't match the provided key. So if the other side
updates their server certificate, dialback is used to re-establish its
authenticity.
Regards
Stephen
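
The fallback rule from this message, as an added example that is not part of the original post or of any XMPP server's code: use SASL EXTERNAL only when the presented key matches the cached one, otherwise fall back to dialback and cache the key only if dialback succeeds. The class name, the SHA-256 fingerprint used as the cached "key", the `dialback_ok` callable and the sample byte strings are all assumptions made for illustration.

```python
import hashlib
import hmac

class S2SKeyCache:
    """Per-domain cache of the key a peer server last proved via dialback."""

    def __init__(self):
        self._pins = {}  # domain -> SHA-256 hex fingerprint

    @staticmethod
    def fingerprint(cert_der):
        # Assumption: the "key" is identified by a SHA-256 hash of the DER certificate.
        return hashlib.sha256(cert_der).hexdigest()

    def choose_auth(self, domain, cert_der):
        """Return (method, reason) for an incoming s2s connection."""
        pinned = self._pins.get(domain.lower())
        if pinned is None:
            return "dialback", "no cached key"
        if hmac.compare_digest(pinned, self.fingerprint(cert_der)):
            return "sasl-external", "cached key matches"
        return "dialback", "cached key does not match"

    def authenticate(self, domain, cert_der, dialback_ok):
        """dialback_ok: hypothetical callable(domain) -> bool that runs dialback."""
        method, reason = self.choose_auth(domain, cert_der)
        if method == "sasl-external":
            return True, method, reason
        if dialback_ok(domain):
            # Dialback re-established authenticity: cache (or replace) the key.
            self._pins[domain.lower()] = self.fingerprint(cert_der)
            return True, method, reason
        # Failed dialback: reject and leave any existing cached key untouched.
        return False, method, reason

# Constructed sample input: placeholder byte strings, not real certificates.
OLD_CERT = b"constructed-cert-v1"
NEW_CERT = b"constructed-cert-v2"

if __name__ == "__main__":
    cache = S2SKeyCache()
    for cert, ok in [(OLD_CERT, True), (OLD_CERT, True), (NEW_CERT, False), (NEW_CERT, True)]:
        print(cache.authenticate("example.org", cert, lambda d, ok=ok: ok))
```

A changed certificate that fails dialback is rejected without overwriting the cached key, so a connection presenting an unverified key cannot displace the key that was previously verified.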