[Security] TLS Certificates Verification
Jonathan Schleifer
js-xmpp-security at webkeks.org
Tue Aug 19 08:10:01 CDT 2008
On 19.08.2008 at 04:37, Peter Saint-Andre wrote:
> I think that obtaining a client certificate from the XMPP ICA would
> be simpler than obtaining a server certificate. The process for
> obtaining a server certificate is explained at https://www.xmpp.net/
> (I'm offline right now and I don't remember the exact URL) -- it
> involves requesting a website account at xmpp.net, website admin
> approval based on access to one of the official email addresses or
> one of the email addresses in the whois record, then logging into
> the xmpp.net website to visit a "jump page" from which you can
> finally access the CA site, etc. By contrast, I think that to obtain
> a client certificate your client would act on your behalf to
> interact in-band with an XMPP service at xmpp.net or maybe
> xmpp.startcom.org, with little or no involvement by the user except
> to click a big "please generate a security certificate for me"
> button and probably visit a special URL provided in a message (which
> message would probably be an x:data form that is specially handled
> by the client, not a standard message with a human-readable body).
Sorry, but no average user will do that, ever. Even most geeks won't
do that due to laziness.
--
Jonathan