[Security] TLS Certificates Verification
stpeter at stpeter.im
Tue Aug 19 23:31:58 CDT 2008
Jonathan Dickinson wrote:
>> -----Original Message----- From: security-bounces at xmpp.org
>> [mailto:security-bounces at xmpp.org] On Behalf Of Peter Saint-Andre
>> Sent: Wednesday, August 20, 2008 12:57 AM To: XMPP Security
>> Subject: Re: [Security] TLS Certificates Verification
>> ... The client can do this for you over XMPP, no? Is there any
>> reason to visit a web page here?
> It is out-of-band. Hopefully more secure. Maybe SMSing or Emailing
> the OTP could work just as well.
I think it's a good idea to use different transports, but I question
whether SMS or email is more secure than XMPP. I'd prefer the
combination of XMPP and secure HTTP.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 7338 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/security/attachments/20080819/41f893f9/attachment.bin
More information about the Security