[Security] TLS Certificates Verification

Jonathan Dickinson jonathanD at k2.com
Wed Aug 20 05:22:46 CDT 2008

> -----Original Message-----
> From: security-bounces at xmpp.org [mailto:security-bounces at xmpp.org] On
> Behalf Of Dirk Meyer
> Sent: Wednesday, August 20, 2008 12:11 PM
> To: XMPP Security
> Subject: Re: [Security] TLS Certificates Verification
> "Remko Tronçon" wrote:
> >> ...
> Maybe it is a stupid idea, but why not use the md5 sum of the key
> password as server password? Replace md5 with sha256 to be more
> up-to-date.

You could also use SASL External...

How about involving resources. This way the recipient would know not only know who the message came from, but where (great for bots). They could be used for further entropy of encryption or something if used in a hash. I am not sure how it would work out, but if we could get it right it would be pretty neat :P.

> Dirk
> --
> It might look like I'm doing nothing, but at the cellular level I'm
> really quite busy.

More information about the Security mailing list