[Security] Hosted solutions - client/user certs
pavlix at pavlix.net
Sun Aug 24 16:26:26 CDT 2008
Oh, you mean using a certificate for c2s authentication.
On Sun, 24 Aug 2008 20:09:14 +0200
Dirk Meyer <dmeyer at tzi.de> wrote:
> Pavel Simerda wrote:
> > PubSub will be on virtually every server in the future and it's
> > suitable for saving both private and public data.
> > The only issue is: do you trust the server list? Maybe you can also
> > store your own signatures for the certificates? I don't understand
> > the precise purpose of this outline but I believe it should also
> > include a listing of security features it is intended to provide.
> I trust the server to hold the certificates for clients that can log
> in at the server. If the server is bad it does not care anyway. But I
> do not trust the server for c2c certificates, they have to be signed
> by a key I trust. But we can use the same list for both cases. Keep
> the list of client certificates signed on a pubsub node. The server
> (which may not be able to verify the signature but that doesn't
> matter) allows all clients with such a certificate to log in. For c2c
> all clients use that list including the signature for authentication.
Jabber & Mail: pavlix(at)pavlix.net
More information about the Security