[Security] TLS-SRP Questions

Kurt Zeilenga Kurt.Zeilenga at Isode.com
Thu Aug 21 17:21:53 CDT 2008

On Aug 21, 2008, at 2:34 PM, Dirk Meyer wrote:

> Kurt Zeilenga wrote:
>> On Aug 21, 2008, at 1:38 PM, Jonathan Dickinson wrote:
>>>> -----Original Message-----
>>>> From: security-bounces at xmpp.org [mailto:security- 
>>>> bounces at xmpp.org] On
>>>> Behalf Of Kurt Zeilenga
>>>> Sent: Thursday, August 21, 2008 10:32 PM
>>>> To: XMPP Security
>>>> Subject: Re: [Security] TLS-SRP Questions
>>>> On Aug 21, 2008, at 12:19 PM, Dirk Meyer wrote:
>>>>> ...
>>>> Why would there be any need to otherwise "verify" A's certificate?
>>> So B knows who they are talking to ;).
>> Does B care to who A is more than its the person that asserted they
>> were some jabberid?
> Yes, I want mutal trust.

Should I parse this 'Yes and I want mutual trust'?   That is, just  
'Yes' to my question doesn't imply you want mutual trust.  That's yet  
another thing.

By the way, the point of these questions is to try to clarify what the  
problems are that you and others are trying to solve.

Some, I think, would have answered 'no' (B doesn't care who A is more  
than its the person that asserted they were some jabberid).

> Maybe the server is compromised or I do not
> have a server (link local messaging). We need trust in both
> directions.
> Dirk
> -- 
> Black holes are where God divided by zero.

More information about the Security mailing list