[Operators] SSL trust in XMPP world
Andreas Tauscher
ta at geuka.net
Thu Sep 3 17:25:54 UTC 2015
On 09/03/2015 12:19 PM, Peter Viskup wrote:
> we know there still are issues with CA-signed and self-signed
> certificates. Self-signed certificate was the main reason for not
> accepting our server into the list of public XMPP server.
> From my perspective it would be great to implement XEP similar to
> Convergence [1]. That could solve at least some of the issues with
> certificates we have at the moment. On the end the CA-trust-lists would
> be removed from the clients and servers would be able to check the
> validity of certificates for s2s connections.
DANE would solve this problem. And since it is DNS based it would be
easy to implement.
https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://mail.jabber.org/pipermail/operators/attachments/20150903/9cb740db/attachment.sig>
More information about the Operators
mailing list