[jdev] self signed cert

Tomasz Sterna tomek at xiaoka.com
Tue May 3 18:10:21 UTC 2016


W dniu 03.05.2016, wto o godzinie 09∶40 -0700, użytkownik
lists at lazygranch.com napisał:
> I suspect you wouldn't want s2s to use a self signed cert, so
> allowing two level of verification (c2s and s2s) sounds complex. You
> fix one thing in software and you break something else.

So, why would you allow self-signed on C2S?

Why do you want to use encryption in the first place?
So, no one is able to read the conversation, right?
But self-signed cert does not give you this... Just a false illusion
that you are protected from evesdropping.
But self-signed does not protect you from man-in-the-middle attack, so
basically still anyone able to tap the wire your transmission is going
through is able to read it, with just slightly more effort.


> I noticed the online documentation doesn't completely match the xml,
> but there are enough comments in the xml that I could get close to
> setting it up. It is just the certs that are confusing.

Yeah. The real and up to date source of documentation are the comments
in the configuration files.


-- 
 /o__ 
(_<^' Practice is the best of all instructors.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part
URL: <http://mail.jabber.org/pipermail/jdev/attachments/20160503/0c510336/attachment.sig>


More information about the JDev mailing list