[Security] TLS Certificates Verification

Jonathan Dickinson jonathanD at k2.com
Wed Aug 20 03:11:31 CDT 2008

> -----Original Message-----
> From: security-bounces at xmpp.org [mailto:security-bounces at xmpp.org] On
> Behalf Of Johansson Olle E
> Sent: Wednesday, August 20, 2008 9:38 AM
> To: XMPP Security
> Subject: Re: [Security] TLS Certificates Verification
> On 19 Aug 2008 at 23.50, Dirk Meyer wrote:
> > ...
> We can't design solutions based on an assumption that "people will not
> use this, because it's not the use case I'm thinking of." E2E sessions
> will be used across the Internet and will need help with NAT traversal.
> That has to be part of the design spec.

I am sorry, but not everyone lives in America/Europe/etc. where good internet connections are the norm. I live in South Africa, where using NAT traversal would be possible. However, I realize that some people simply would not be able to do NAT traversal (especially those behind firewalls) because I am 'dangerously' close to not being able to do it.

If I can do OTR with AIM and I need encrypted messaging, and Jabber doesn't support it because I need a traversable NAT, I would be forced to go with AIM+OTR.

Not to mention mobile devices that use GSM/GPRS/3G/HSDPA that would probably (once again, not the case in ZA, but I can sympathize) not have traversable NATs hosting them. Especially if the mobile operator wants to block VOIP.

Can we please keep assumptions that people have 'hostable' connections off this list? We need support for both: people who can use NAT traversal or public IPs, and people who can't. Otherwise nobody will take the standard seriously.

> /O
