[Security] TLS Certificates Verification

Jonathan Schleifer js-xmpp-security at webkeks.org
Tue Aug 19 03:10:56 CDT 2008


Am 18.08.2008 um 23:27 schrieb Peter Saint-Andre:

> AFAICS, TLS enables us to use PGP keys (experimental, not yet  
> supported in all TLS libraries), CA-issued certs, and self-signed  
> certs (leap of faith). There's no SAS support in TLS yet but that  
> might be developed down the line because, as discussed on the TLS  
> list recently, members of the SIP community (and others) are  
> interested in that feature.

That still means no implementation has it, thus the advantage of being  
able to just use one of the TLS implementations is gone. So we could  
as well try to get a cryptanalysis for ESessions for a cheap price and  
use Brandan Taylors implementation, for which he already offered to  
port it to C so others can use it with nearly no afford at all.

--
Jonathan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 801 bytes
Desc: This is a digitally signed message part
Url : http://mail.jabber.org/pipermail/security/attachments/20080819/c634599e/attachment.pgp 


More information about the Security mailing list