[Security] TLS Certificates Verification

Jonathan Dickinson jonathanD at k2.com
Wed Aug 20 11:26:24 CDT 2008


> -----Original Message-----
> From: security-bounces at xmpp.org [mailto:security-bounces at xmpp.org] On
> Behalf Of Jonathan Schleifer
> Sent: Wednesday, August 20, 2008 6:26 PM
> To: security at xmpp.org
> Subject: Re: [Security] TLS Certificates Verification
>
> Jonathan Dickinson <jonathanD at k2.com> wrote:
>
> > ...
>
> Not every admin has the time to implement a new ejabberd module that
> does IBB checking :) Most will just disable it and done. So this is
> very admin and therefore user unfriendly. That's why we shouldn't use
> Jingle IBB, but something else, so it's very very easy to distinguish.
>
> And no, if it's encrypted, I can't say what is in it!

What happens before starttls?

I am going to have to take a break now, losing my temper. Be back in .5hr.

>
> --
> Jonathan


More information about the Security mailing list