[Security] TLS Certificates Verification

Jonathan Schleifer js-xmpp-security at webkeks.org
Tue Aug 19 08:10:01 CDT 2008


On 19.08.2008 at 04:37, Peter Saint-Andre wrote:

> I think that obtaining a client certificate from the XMPP ICA would  
> be simpler than obtaining a server certificate. The process for  
> obtaining a server certificate is explained at https://www.xmpp.net/  
> (I'm offline right now and I don't remember the exact URL) -- it  
> involves requesting a website account at xmpp.net, website admin  
> approval based on access to one of the official email addresses or  
> one of the email addresses in the whois record, then logging into  
> the xmpp.net website to visit a "jump page" from which you can  
> finally access the CA site, etc. By contrast, I think that to obtain  
> a client certificate your client would act on your behalf to  
> interact in-band with an XMPP service at xmpp.net or maybe  
> xmpp.startcom.org, with little or no involvement by the user except  
> to click a big "please generate a security certificate for me"  
> button and probably visit a special URL provided in a message (which  
> message would probably be an x:data form that is specially handled  
> by the client, not a standard message with a human-readable body).

Sorry, but no average user will do that, ever. Even most geeks won't  
do that due to laziness.

--
Jonathan