[Security] TLS Certificates Verification

Jonathan Dickinson jonathanD at k2.com
Wed Aug 20 01:58:37 CDT 2008


> -----Original Message-----
> From: security-bounces at xmpp.org [mailto:security-bounces at xmpp.org] On
> Behalf Of Johansson Olle E
> Sent: Wednesday, August 20, 2008 8:40 AM
> To: XMPP Security
> Subject: Re: [Security] TLS Certificates Verification
>
>
> 19 aug 2008 kl. 21.02 skrev Justin Karneges:
>
> > On Monday 18 August 2008 14:34:19 Eric Rescorla wrote:
> >> ...
> >
> Well, there's an "OTR proxy" that actually is designed to be an man-in-
> the-middle
> and be the endpoint, so that a server administrator can log in clear
> text...
>
> The users still feel warm and happy though.

We decided against OTR as it behaves strangely with XMPP.

>
> /O ;-)


More information about the Security mailing list