[Security] TLS Certificates Verification

Jonathan Dickinson jonathanD at k2.com
Wed Aug 20 11:20:37 CDT 2008


> -----Original Message-----
> From: security-bounces at xmpp.org [mailto:security-bounces at xmpp.org] On
> Behalf Of Jonathan Schleifer
> Sent: Wednesday, August 20, 2008 6:18 PM
> To: security at xmpp.org
> Subject: Re: [Security] TLS Certificates Verification
>
> Peter Saint-Andre <stpeter at stpeter.im> wrote:
>
> > ...
>
> I should be more specific here: My server only has the bandwith to
> transfer small data like text, not BLOBs. Thus I don't want Jingle IBB,
> because I never want video or files inband. But I want encryption
> inband!

It sounds like your server expends a lot of effort to determine if something should be sent or not. Bandwidth is expensive in ZA so I can sympathize. How about unwrapping the initial moments of an IBB stream to see if it's XMPP or binary data? You could probably decide after decoding the first 10 or so characters.

> --
> Jonathan


More information about the Security mailing list