[Security] TLS Certificates Verification

Jonathan Schleifer js-xmpp-security at webkeks.org
Wed Aug 20 09:45:00 CDT 2008


Am 20.08.2008 um 16:24 schrieb Remko Tronçon:

 > Upgrading a well-established secure
> standard to a new use case sounds slightly more fail-safe than
> creating a new one from the ground up.

That has issues like:
* Only works with keys which is user unfriendly
* Was designed for server to client connection and not client to  
client connection.

I don't see why everyone wants to use TLS for it, it really wasn't  
designed for that IMO!

--
Jonathan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 801 bytes
Desc: This is a digitally signed message part
Url : http://mail.jabber.org/pipermail/security/attachments/20080820/65775ee5/attachment.pgp 


More information about the Security mailing list