[jdev] Re: TLS and self-signed certs
Peter Saint-Andre
stpeter at jabber.org
Thu Nov 18 16:29:33 CST 2004
In article <200411181404.03770.neil at hakubi.us>,
Neil Stevens <neil at hakubi.us> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Thursday 18 November 2004 10:07 am, David Waite wrote:
> > Nothing can be done without trust. We are using Verisign today as a
> > trusted body for providing correct DNS records and references.
>
> Funny business in DNS is easy to detect. Funny business in certificates is
> not.
>
> Trusted third parties in DNS are required. Trusted third parties in
> encryption are not.
>
> So I'd rather not see the use of encrypted Jabber connections tied to the
> use of a redundant third party.
It's too bad that DNSSEC is not (yet) more widely deployed.
http://www.dnssec.net/
/psa
More information about the JDev
mailing list