[Security] TLS-SRP Questions - trust vs confidentiality

Jonathan Dickinson jonathanD at k2.com
Fri Aug 22 03:11:43 CDT 2008


> -----Original Message-----
> From: security-bounces at xmpp.org [mailto:security-bounces at xmpp.org] On
> Behalf Of Johansson Olle E
> Sent: Friday, August 22, 2008 8:44 AM
> To: XMPP Security
> Subject: Re: [Security] TLS-SRP Questions - trust vs confidentiality
> ...
>
> Mixing trust with encryption makes the discussion very hard. I think
> we have to keep the option to connect to the existing CA/PKI structures
> with X.509 and the TLS/SSL CAs for situations when trust is needed,
> and let that business sort out the level 8 and 9 problems with that.
> We'll just put a large SEP field around it and hope that they can
> sort it out.

Nice conclusion.

>
>
> /O


More information about the Security mailing list