[jadmin] trusted federation
Peter Saint-Andre
stpeter at stpeter.im
Fri Jan 18 11:18:11 CST 2008
Norman Rasmussen wrote:
> On Jan 18, 2008 5:11 PM, Tomasz Sterna <tomek at xiaoka.com
> <mailto:tomek at xiaoka.com>> wrote:
>
> We could consider the following model though:
> - if the presented cert is trusted - done, we have a connection
> - if the cert is self-signed - verify the given server name with
> dialback
> - if the cert is invalid or not present - drop connection
>
>
> ++
>
> obviously this would be the default configuration that servers should
> ship with, the administrator could tweak the setting to allow only
> trusted certs (like in a corporate environment), or allow unencrypted
> communications (I can't think of a good reason for this, self-signed
> certs are easy to create)
Yes.
So that moves us one step along the ladder:
1. promiscuous federation
2. verified federation
3. encrypted federation
4. trusted federation
It might be nice to get to (4) someday, but (3) is something we should
be able to achieve by January 4, 2009!
Peter
--
Peter Saint-Andre
https://stpeter.im/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7338 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/jadmin/attachments/20080118/2d03cd6a/attachment-0001.bin
More information about the JAdmin
mailing list