[Security] TLS Certificates Verification

Peter Saint-Andre stpeter at stpeter.im
Tue Aug 19 23:31:58 CDT 2008


Jonathan Dickinson wrote:
>> -----Original Message----- From: security-bounces at xmpp.org
>> [mailto:security-bounces at xmpp.org] On Behalf Of Peter Saint-Andre 
>> Sent: Wednesday, August 20, 2008 12:57 AM To: XMPP Security 
>> Subject: Re: [Security] TLS Certificates Verification
>> 
>> ... The client can do this for you over XMPP, no? Is there any
>> reason to visit a web page here?
> 
> It is out-of-band. Hopefully more secure. Maybe SMSing or Emailing
> the OTP could work just as well.

I think it's a good idea to use different transports, but I question 
whether SMS or email is more secure than XMPP. I'd prefer the 
combination of XMPP and secure HTTP.

/psa
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7338 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/security/attachments/20080819/41f893f9/attachment.bin 


More information about the Security mailing list