[Security] TLS Certificates Verification

Peter Saint-Andre stpeter at stpeter.im
Tue Aug 19 13:05:04 CDT 2008


Eric Rescorla wrote:

> What Dave is suggesting, I think, would be a garden variety TLS handshake with
> whatever ciphersuites you already support and self-signed certs. Then you'd run
> SASL with some challenge/response protocol and channel bindings (you'd
> almost certainly want mutual auth here) and then on the basis of the C/R
> note that you trusted the peer's self-signed cert.

Yes I think that about sums it up.

/psa

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7338 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/security/attachments/20080819/b551ec21/attachment.bin 


More information about the Security mailing list