[jadmin] trusted federation
Harald Braumann
harry at unheit.net
Fri Jan 18 13:29:49 CST 2008
On Thu, 17 Jan 2008 16:51:31 -0700
Peter Saint-Andre <stpeter at stpeter.im> wrote:
> I have posted some thoughts on upgrading the Jabber network to
> encrypted-only s2s here:
>
> https://stpeter.im/?p=2136
>
> Flames are welcome. :)
>
> Peter
>
Hi,
actually I don't see why I should trust a certificate just because it
is signed by "We're trustworthy, really, Inc." That's as good as a
self-signed one. The whole idea of X.500, i.e. increasing security by
establishing a centralised hierarchical system, is flawed.
I think moving towards only accepting certificates signed by some
"trusted root" (trusted by whom?) only complicates things without
giving you any security gains.
Compare this to DNS where people trust the information, just because
someone trusted must have validated it. Go ahead and check out the whois
entry of your favourite online shop for penis enlargement products and
you'll see that it's obviously phony. While this is easy to see, how
would I be able to judge the trustworthiness of some arbitrary CA?
Regards,
harry