[Security] TLS Certificates Verification

Peter Saint-Andre stpeter at stpeter.im
Tue Aug 19 16:18:45 CDT 2008


Eric Rescorla wrote:
> On Tue, Aug 19, 2008 at 1:51 PM, Jonathan Schleifer
> <js-xmpp-security at webkeks.org> wrote:
>> Jonathan Dickinson <jonathanD at k2.com> wrote:
>>
>>> (compared to making
>>> a new standard which would have no implementations).
>> ESessions *HAS* implementations! That's the point I bring up again and
>> again against reinventing the wheel and doing something with TLS now!
> 
> There's something truly ironic about someone lobbying for an entirely
> new and unanalyzed cryptographic protocol suggesting that using the
> most widely implemented crypto protocol in the world would be reinventing
> the wheel.

In fact it's not even new in the codebase to which he contributes, 
because Gajim already supports TLS and SASL for client-to-server 
streams, just not for end-to-end streams.

/psa
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7338 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/security/attachments/20080819/05538939/attachment.bin 


More information about the Security mailing list