[Security] TLS Certificates Verification

Remko Tronçon remko at el-tramo.be
Wed Aug 20 04:24:57 CDT 2008


> The XMPP password and the key password should be something completely
> different.

Yet, in practice, everyone who doesn't know much about security will
use the same password, and you're back to square one. You can try to
ask all clients to consistently refuse keys with the same passphrase
as the account (and vice versa, refuse account password changes that
are the same as the key), yet I doubt if that will work.

cheers,
Remko

