[Security] TLS-SRP Questions

Kurt Zeilenga Kurt.Zeilenga at Isode.com
Thu Aug 21 15:48:15 CDT 2008


On Aug 21, 2008, at 1:38 PM, Jonathan Dickinson wrote:

>> -----Original Message-----
>> From: security-bounces at xmpp.org [mailto:security-bounces at xmpp.org] On
>> Behalf Of Kurt Zeilenga
>> Sent: Thursday, August 21, 2008 10:32 PM
>> To: XMPP Security
>> Subject: Re: [Security] TLS-SRP Questions
>>
>>
>> On Aug 21, 2008, at 12:19 PM, Dirk Meyer wrote:
>>
>>> ...
>>
>> Why would there be any need to otherwise "verify" A's certificate?
>
> So B knows who they are talking to ;).

Does B care to who A is more than its the person that asserted they  
were some jabberid?

Do you want to establish that the person who asserted some jabberid is  
the person that jabberid was assigned to by the homeserver?

That seems a bit different problem than just establishing that I'm now  
communicating with the person who previously asserted they can be  
reached at some jabberid.

> I'm confused. It's too late here.
>
>>
>> -- Kurt
>>
>>
>>
>>>
>>>
>>> Dirk
>>>
>>>
>>> --
>>> A bad random number generator: 1, 1, 1, 1, 1, 4.33e+67, 1, 1, 1...
>



More information about the Security mailing list