[Security] TLS Certificates Verification

Jonathan Dickinson jonathanD at k2.com
Wed Aug 20 06:25:46 CDT 2008


> -----Original Message-----
> From: security-bounces at xmpp.org [mailto:security-bounces at xmpp.org] On
> Behalf Of Dave Cridland
> Sent: Wednesday, August 20, 2008 12:59 PM
> To: XMPP Security
> Subject: Re: [Security] TLS Certificates Verification
>
> On Wed Aug 20 11:22:46 2008, Jonathan Dickinson wrote:
> > You could also use SASL External...
> >
> >
> This is quite sensible, although unrelated, if you're suggesting what
> I think you might be.


Indeed.

>
> ...
>
> I have no idea what you're talking about here, however.
>

Somehow the user would have different certificates for different resources. This would allow me to assert that Jack sent the message and he is at home.

More appropriately, if I have 15 killer robots I could give them different resources, but the same bare JID. I would then be able to tell for sure which one the message came from (e.g. Arnold manages to catch one and starts impersonating it, but the others are still secure). You could just give each a completely different JID, but somehow this has some attractive properties.

> Dave.
> --
> Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
>   - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
>   - http://dave.cridland.net/
> Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade

