[jdev] Re: TLS and self-signed certs

Stephen Marquard scm at marquard.net
Fri Nov 12 00:17:37 CST 2004

Justin Karneges wrote:

> That said, on the subject of caching, XMPP servers should be a bit more strict 
> than most of us probably are with ssh, if only to curb spam.  Using dialback 
> on the first connection might be acceptable.
> And now that I think about it, the whole "use dialback for the first 
> connection, SASL EXTERNAL for all after" concept would be a good way to 
> optimize s2s.

Or rather, use dialback whenever there isn't a cached key available, or 
the cached key doesn't match the provided key. So if the other side 
updates their server certificate, dialback is used to re-establish its 


More information about the JDev mailing list