[Security] TLS-SRP Questions

Dirk Meyer dmeyer at tzi.de
Thu Aug 21 16:34:39 CDT 2008


Kurt Zeilenga wrote:
> On Aug 21, 2008, at 1:38 PM, Jonathan Dickinson wrote:
>
>>> -----Original Message-----
>>> From: security-bounces at xmpp.org [mailto:security-bounces at xmpp.org] On
>>> Behalf Of Kurt Zeilenga
>>> Sent: Thursday, August 21, 2008 10:32 PM
>>> To: XMPP Security
>>> Subject: Re: [Security] TLS-SRP Questions
>>>
>>>
>>> On Aug 21, 2008, at 12:19 PM, Dirk Meyer wrote:
>>>
>>>> ...
>>>
>>> Why would there be any need to otherwise "verify" A's certificate?
>>
>> So B knows who they are talking to ;).
>
> Does B care to who A is more than its the person that asserted they
> were some jabberid?

Yes, I want mutal trust. Maybe the server is compromised or I do not
have a server (link local messaging). We need trust in both
directions.


Dirk

-- 
Black holes are where God divided by zero.


More information about the Security mailing list