[Security] TLS Certificates Verification
stpeter at stpeter.im
Mon Aug 18 16:21:28 CDT 2008
Jonathan Schleifer wrote:
> On 18.08.2008 at 21:22, Dirk Meyer wrote:
>> That is not an option for me. I want bots to talk to each other. They
>> can not use the phone.
> That's why for example ESessions doesn't only provide SAS, but also
> using public keys. It does not need to use public keys, but it can. This
> is indeed *VERY* nice as there's no need to generate a key then.
> I still think that ESessions is *THE* solution for encrypted IM.

Except that it's an unanalyzed technology. TLS has undergone years and
years of analysis and hardening. I like the ideas behind ESessions and
real security folks who've glanced at it seem to think it's not entirely
dodgy, but that doesn't mean it would withstand a full security analysis.

Plus using TLS enables us to re-use code for the client-to-server,
server-to-server, link-local, and end-to-end scenarios. I consider that
a good thing.