[Standards-JIG] RE: Standards-JIG] MUC Invitations, Jingle Relays, and Big Problems
Dave Cridland
dave at cridland.net
Wed Nov 8 15:37:06 CST 2006
On Wed Nov 8 17:59:10 2006, Philipp Hancke wrote:
> If my server connects to 'montague' and the remote side shows a
> certificate for 'capulet', this is a problem. If my server
> continues connecting, this is defeating any security that TLS
> may yield. Yet this is something that seems to be done quite
> often...

No, that's merely ignoring a considerable degree of the
authentication that TLS may offer.

But privacy (and compression) will be unaffected by this, and that's
an important part of security too. Given that you might be able to
use dialback, etc, that's quite possibly good enough, especially if
your server caches certificate fingerprints and gets paranoid when
they change.

That's not to say that Peter's work in trying to get XMPP-aware
certificates out there isn't a good move, and will help security,
it's just that lack of a proper TLS certificate (or, indeed, lack of
any certificate) does not equate to no security.

Dave.
--
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at jabber.org
- acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
- http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
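
The fingerprint caching mentioned in the message above, as an added example that is not part of the original post or of any XMPP server's code: a trust-on-first-use cache that classifies each certificate a peer presents for a domain. The class name, the JSON pin file, the four state names and the `cert_valid_for_domain` flag (the result of the caller's own chain and name validation) are assumptions of this example.

```python
import hashlib
import json
from pathlib import Path


class FingerprintCache:
    """Trust-on-first-use store of peer certificate fingerprints, keyed by domain."""

    def __init__(self, path):
        self.path = Path(path)
        self.pins = json.loads(self.path.read_text()) if self.path.exists() else {}

    def _store(self, domain, fp):
        self.pins[domain] = fp
        self.path.write_text(json.dumps(self.pins, indent=2, sort_keys=True))

    def check(self, domain, der_cert, cert_valid_for_domain):
        """Classify the certificate a peer presented for `domain`.

        cert_valid_for_domain: result of the caller's normal chain and name
        validation (assumed to be done elsewhere, e.g. by the TLS library).
        """
        domain = domain.lower().rstrip(".")
        fp = hashlib.sha256(der_cert).hexdigest()
        known = self.pins.get(domain)
        if cert_valid_for_domain:
            # Properly authenticated: refresh the pin so that a later fallback
            # compares against the most recent certificate we trusted.
            self._store(domain, fp)
            return "verified"
        if known is None:
            self._store(domain, fp)  # nothing to compare against yet
            return "first-seen"
        if known == fp:
            return "pinned"
        # Mismatching name AND a certificate we have never seen for this
        # domain: keep the old pin and let the caller "get paranoid".
        return "changed"


if __name__ == "__main__":
    import tempfile
    cache = FingerprintCache(Path(tempfile.mkdtemp()) / "pins.json")
    # Constructed byte strings standing in for DER-encoded certificates.
    capulet_cert, other_cert = b"constructed-cert-1", b"constructed-cert-2"
    for cert in (capulet_cert, capulet_cert, other_cert):
        print(cache.check("montague.example", cert, cert_valid_for_domain=False))
```

What the caller does on `changed` (refuse the stream, or fall back to dialback and alert an operator) is a policy decision outside this example.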