[Security] Perspectives: Improving SSH-style Host Authentication with Multi-Path Probing

Dirk Meyer dmeyer at tzi.de
Sun Aug 31 13:47:47 CDT 2008


Peter Saint-Andre wrote:
> Dirk Meyer wrote:
>> Peter wants to give XEP-0189 more love, I guess this is something that
>> should be in it. Also the user/client keys. When he is back I can work
>> with him to add all that stuff.
>
> Sure, let's do that. Or feel free to pull the XML out of SVN and start
> working on it. :)

I just looked at it and PEP and some other XEPs and there are some
things I do not like. Maybe these XEPs need a small update for this
use-case.

1. PEP says the last_item should only be sent if the priority is not
   negative. But all bots have a negative priority and will never get
   the updates. Maybe an extra config option for PubSub/PEP: also send
   to negative priority?

2. I like the fact that I get a notification when I start my client
   when there is a new item (if it is configured that way). But I also
   want to be notified when something was deleted (certificate
   revoked). What I would like to have is that I get a notification
   from the server that "something has changed since I was last
   online" so I can get the whole tree of certificates.

Maybe move that discussion to the pubsub list? /me needs to subscribe
to that list, too :)

And something else: I also added a note in my XEP proposal about the
TLS verification: how should keys look? XEP-0189 now uses xmldsig,
which IMHO is very complicated. People know how keys look in PEM
format. Maybe just use this?


Dirk

-- 
"I get to go to lots of overseas places, like Canada." - Britney Spears

