[Security] TLS-SRP Questions
dave at cridland.net
Thu Aug 21 15:35:33 CDT 2008
On Thu Aug 21 21:25:51 2008, Jonathan Dickinson wrote:
> We can have xmpp.net as the IC.

Assuming, by IC, you mean CA, I don't think the vast majority of
users will want to trouble themselves with a CA signed certificate.

I think the majority of users will be fine with a self-signed cert
and either leap-of-faith or some form of authentication code, whether
that's SAS, fingerprint exchange, or whatever.

Moreover, I think that level of security is just fine, too - I think
the kinds of deployments where X.509 PKI is important will have their
own infrastructure in place, and will want all the exciting things
like signed pubsub and MUC, and similar kinds of fun and games, where
a lot of this kind of security won't apply at all.

In those kinds of deployment, end-to-end encryption is often not
important, or even allowed - just the strong authentication is what's

Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade