[Security] Reminder :: Draft feedback on "C2C authentication using TLS"

Jonathan Schleifer js-xmpp-security at webkeks.org
Mon Aug 25 15:39:41 CDT 2008


Pavel Simerda <pavlix at pavlix.net> wrote:

> What is the point of unauthenticated encrypted channels?

That you verify them later? That happens quite often. Nobody verifies
them directly. Haven't seen a single person doing that. I have a real
world situation that actually happened to me: I know someone from the
Gajim MUC. We always used E2E, as this is the default. When we met, we
verified each other. So we know all our past conversations have not
been compromised.

-- 
Jonathan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
Url : http://mail.jabber.org/pipermail/security/attachments/20080825/2123010d/attachment.pgp 


More information about the Security mailing list