[Security] TLS-SRP Questions

Jonathan Dickinson jonathanD at k2.com
Thu Aug 21 15:25:51 CDT 2008


> -----Original Message-----
> From: security-bounces at xmpp.org [mailto:security-bounces at xmpp.org] On
> Behalf Of Dirk Meyer
> Sent: Thursday, August 21, 2008 9:20 PM
> To: XMPP Security
> Subject: Re: [Security] TLS-SRP Questions
>
> Jonathan Dickinson wrote:
> > And my hard-laboured formatting got messed up.
>
> :)
>
> > Initiator opens connection
> > Target gets connection and presents certificate
> > Initiator verifies certificate with IC -> Fail if invalid
> > Initiator presents certificate
> > Target verifies certificate -> Fail if invalid
> > Success
> >
> > The point is, from what I can tell, TLS supports all of that.
>
> Yes, but the question is how to verify a certificate from someone you
> do not know which is not signed by a CA. Or I'm I missing something in
> your argumentation?

We can have xmpp.net as the IC.

>
> Dirk
>
>
> --
> A bad random number generator: 1, 1, 1, 1, 1, 4.33e+67, 1, 1, 1...


More information about the Security mailing list