[Security] TLS Certificates Verification

Dirk Meyer dmeyer at tzi.de
Wed Aug 20 04:08:48 CDT 2008


Johansson Olle E wrote:
> 19 aug 2008 kl. 10.09 skrev Jonathan Schleifer:
>
>> But it wasn't analyzed with IM in mind, but stuff like HTTPS or
>> IMAPS. For Jabber, we have traffic that is human generated, which
>> allows a lot more of attacks. I already named a few of them on the
>> standards list.
>
> Whenever we discuss XMPP security, please don't assume it's only for
> humans. There's a lot of people using it as an application
> infrastructure too.  That said, we can find different solutions for
> both cases, but we propably should not exclude one of them.

I will take care of that in the discussion because I do not want to
use security for humans. We may need a human for key validation but
after that everything MUST work without human interaction.


Dirk

-- 
"A deadline has a wonderful way of focusing the mind." -
Professor Moriarty, Ship in a Bottle, Star Trek: The Next
Generation


More information about the Security mailing list