[Security] TLS Certificates Verification
stpeter at stpeter.im
Wed Aug 20 09:50:18 CDT 2008
Jonathan Schleifer wrote:
> Am 20.08.2008 um 16:24 schrieb Remko Tronçon:
> > Upgrading a well-established secure
>> standard to a new use case sounds slightly more fail-safe than
>> creating a new one from the ground up.
> That has issues like:
> * Only works with keys which is user unfriendly
Please do some research about TLS. It is not limited to using keys
(e.g., read RFC 5054).
> * Was designed for server to client connection and not client to client
I think you may be confusing "TLS server" and "TLS client" with "XMPP
server" and "XMPP client". However, while I grant that SSL was
originally designed for use between web servers and web clients, that
doesn't mean it can't be used for other scenarios. You are committing
the genetic fallacy. (Another example: the World Wide Web was designed
for publishing physics papers, therefore it can't be used for electronic
> I don't see why everyone wants to use TLS for it, it really wasn't
> designed for that IMO!
Who cares, as long as it works?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 7338 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/security/attachments/20080820/dcd87fed/attachment.bin
More information about the Security