[Security] TLS-SRP Questions
Kurt.Zeilenga at Isode.com
Thu Aug 21 15:48:15 CDT 2008
On Aug 21, 2008, at 1:38 PM, Jonathan Dickinson wrote:
>> -----Original Message-----
>> From: security-bounces at xmpp.org [mailto:security-bounces at xmpp.org] On
>> Behalf Of Kurt Zeilenga
>> Sent: Thursday, August 21, 2008 10:32 PM
>> To: XMPP Security
>> Subject: Re: [Security] TLS-SRP Questions
>> On Aug 21, 2008, at 12:19 PM, Dirk Meyer wrote:
>> Why would there be any need to otherwise "verify" A's certificate?
> So B knows who they are talking to ;).
Does B care to who A is more than its the person that asserted they
were some jabberid?
Do you want to establish that the person who asserted some jabberid is
the person that jabberid was assigned to by the homeserver?
That seems a bit different problem than just establishing that I'm now
communicating with the person who previously asserted they can be
reached at some jabberid.
> I'm confused. It's too late here.
>> -- Kurt
>>> A bad random number generator: 1, 1, 1, 1, 1, 4.33e+67, 1, 1, 1...
More information about the Security