[Security] TLS Certificates Verification
dave at cridland.net
Wed Aug 20 05:58:30 CDT 2008
On Wed Aug 20 11:22:46 2008, Jonathan Dickinson wrote:
> You could also use SASL External...
This is quite sensible, although unrelated, if you're suggesting what
I think you might be.
If the client has a TLS certificate, which it can do either by
provisioning through a CA or by simply generating a self-signed one,
then we can use the authentication with the server to bootstrap it
there, in which case the client needn't record the password at all,
which is nice.
Nothing to do with the problem at hand, but quite interesting.
> How about involving resources. This way the recipient would know
> not only know who the message came from, but where (great for
> bots). They could be used for further entropy of encryption or
> something if used in a hash. I am not sure how it would work out,
> but if we could get it right it would be pretty neat :P.
I have no idea what you're talking about here, however.
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
More information about the Security