[JDEV] Dialback and STARTTLS

Matthias Wimmer m at tthias.net
Fri Nov 21 01:39:00 CST 2003


Hi Justin!

Justin Karneges schrieb am 2003-11-20 16:46:46:
> TLS already proves who each party is, so using dialback in combination would 
> just be redundant (and less secure).
> 
> I hope you're not planning on using a cert-less TLS between servers.  That 
> would be a really bad precedent to set.

There are not much servers with certificates signed by one of the big CAs -
I know none. Therefore we still need dialback. But it would be nice
for this connections to be at least protected against passive attacks by
encrypting the stream.

I agree that this is not how it should be ideally, but it wouldn't help
XMPP/Jabber if we require each server to own a commercial certificate as
we would loose most if not all free servers.


Tot kijk
    Matthias

-- 
Fon: +49-(0)70 0770 07770       http://matthias.wimmer.name/
HAM: DB1MW                      xmpp:mawis at charente.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://mail.jabber.org/pipermail/jdev/attachments/20031121/a4415763/attachment-0002.pgp>


More information about the JDev mailing list