[jdev] Re: TLS and self-signed certs
Matthias Wimmer
m at tthias.net
Fri Nov 12 07:03:58 CST 2004
Hi Peter!
Peter Saint-Andre schrieb am 2004-11-11 17:53:30:
> > Allowing self signed (or otherwise untrusted) certs with STARTTLS +
> > EXTERNAL is opening yourself up for a serious security breach.
> Well, that's another story. But that claim on the URL I provided was
> that it is technically impossible, not inadvisable from a security
> standpoint.
I might have expressed it wrong, but what I wanted to tell is how JD
read it. Sure it is technically possible to use self-signed certificates
for SASL EXTERNAL. And if you do it within your own administrative
domain, you have full security as well (maybe not using really
self-signed certs but certs signed by your own CA).
Tot kijk
Matthias
--
Fon: +49-(0)70 0770 07770 http://web.amessage.info
Fax: +49-(0)89 312 88 654 xmpp:mawis at amessage.info
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <https://www.jabber.org/jdev/attachments/20041112/f08e9e82/attachment-0002.pgp>
More information about the JDev
mailing list