[jadmin] trusted federation
Norman Rasmussen
norman at rasmussen.co.za
Fri Jan 18 09:16:36 CST 2008
On Jan 18, 2008 5:11 PM, Tomasz Sterna <tomek at xiaoka.com> wrote:
> We could consider the following model though:
> - if the presented cert is trusted - done, we have a connection
> - if the cert is self-signed - verify the given server name with
> dialback
> - if the cert is invalid or not present - drop connection
>
++
obviously this would be the default configuration that servers should ship
with, the administrator could tweak the setting to allow only trusted certs
(like in a corporate environment), or allow unencrypted communications (I
can't think of a good reason for this, self-signed certs are easy to create)
--
- Norman Rasmussen
- Email: norman at rasmussen.co.za
- Home page: http://norman.rasmussen.co.za/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.jabber.org/pipermail/jadmin/attachments/20080118/9414c564/attachment.htm
More information about the JAdmin
mailing list