[jdev] Re: TLS and self-signed certs

Justin Karneges justin-keyword-jabber.093179 at affinix.com
Fri Nov 12 00:07:54 CST 2004

On Thursday 11 November 2004 07:54 pm, Neil Stevens wrote:
> Hash: SHA1
> On Thursday 11 November 2004 05:06 pm, Justin Karneges wrote:
> > While JD's comments sum this up nicely, I just want to reiterate loudly
> > that self-signed certificates alone truly are worthless.  I'm not even
> > talking about man in the middle attacks either.  As a form of identity,
> > a self-signed cert is as effective as the "From:" header in good old
> > SMTP, and this would allow spammers to get right in and start faking
> > domains.
> Wrong.  If a certificate remains unchanged, then you know that as long as
> it is unchanged, you're continuing to connect to the server you connected
> to in the past.
> You can't know if there's a man-in-the-middle in progress when you first
> connect, but if you're remembering certificate and someone tries one after
> a while, you will be able to detect that.
> ssh does this, for example.

You're absolutely right.  I wasn't discussing caching.

That said, on the subject of caching, XMPP servers should be a bit more strict 
than most of us probably are with ssh, if only to curb spam.  Using dialback 
on the first connection might be acceptable.

And now that I think about it, the whole "use dialback for the first 
connection, SASL EXTERNAL for all after" concept would be a good way to 
optimize s2s.


More information about the JDev mailing list