[Security] TLS Certificates Verification
jonathanD at k2.com
Tue Aug 19 12:57:28 CDT 2008
Maybe something based on Diffie Hellman (which RSP uses)?
From: security-bounces at xmpp.org [mailto:security-bounces at xmpp.org] On Behalf Of Dave Cridland
Sent: Tuesday, August 19, 2008 7:48 PM
To: XMPP Security
Subject: Re: [Security] TLS Certificates Verification
On Tue Aug 19 18:33:53 2008, Eric Rescorla wrote:
> Actually, this is a lot more complicated than it has to be. TLS has
> features that make this trivial to do and that don't rely on
> 1. A PAKE mode (SRP)
I see how this works, but you're asking for quite a bit of less than
usual TLS magic involved.
Could we use a simple, channel-binding, shared-secret based SASL
I've the thought in my head that we could make this essentially the
same as Bluetooth keying, using the channel binding to "learn" the
That ought to be using essentially out-of-the-box bits of software,
whereas I'm not so sure that SRP quite ranks there yet, and may well
not for a long while.
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
More information about the Security