[Security] TLS Certificates Verification

Johansson Olle E oej at edvina.net
Wed Aug 20 02:38:25 CDT 2008


19 aug 2008 kl. 23.50 skrev Dirk Meyer:

> Jonathan Dickinson wrote:
>> Requiring serverless messaging is a deceiving lure.
>>
>> What if the client is behind a symmetric NAT? Or some NAT that
>> simply doesn't working with STUN (or ICE/SIP/whatever)? They can't
>> open a encrypted session?
>
> No, in that case they need the "help" of a server. IMHO the real use
> case for serverless messaging is in the LAN. Back to my application
> control using XMPP: I want to access my set-top box from other devices
> in my LAN even if my DSL link is down.

We can't design solutions based on an assumption that "people will not
use this, because it's not the use case I'm thinking of." E2E sessions
will be used across the Internet and will need help with NAT traversal.
That has to be part of the design spec.

/O


More information about the Security mailing list