[Security] TLS Certificates Verification

Peter Saint-Andre stpeter at stpeter.im
Wed Aug 20 09:50:18 CDT 2008


Jonathan Schleifer wrote:
> On 20.08.2008 at 16:24, Remko Tronçon wrote:
> 
>> Upgrading a well-established secure
>> standard to a new use case sounds slightly more fail-safe than
>> creating a new one from the ground up.
> 
> That has issues like:
> * Only works with keys, which is user-unfriendly

Please do some research about TLS. It is not limited to using keys 
(e.g., read RFC 5054).

> * Was designed for server to client connection and not client to client 
> connection.

I think you may be confusing "TLS server" and "TLS client" with "XMPP 
server" and "XMPP client". However, while I grant that SSL was 
originally designed for use between web servers and web clients, that 
doesn't mean it can't be used for other scenarios. You are committing 
the genetic fallacy. (Another example: the World Wide Web was designed 
for publishing physics papers, therefore it can't be used for electronic 
commerce.)

> I don't see why everyone wants to use TLS for it, it really wasn't 
> designed for that IMO!

Who cares, as long as it works?

/psa

