[Security] Perspectives: Improving SSH-style Host Authentication with Multi-Path Probing
dmeyer at tzi.de
Sun Aug 31 13:47:47 CDT 2008
Peter Saint-Andre wrote:
> Dirk Meyer wrote:
>> Peter wants to give XEP-0189 more love, I guess this is something that
>> should be in it. Also the user/client keys. When he is back I can work
>> with him to add all that stuff.
> Sure, let's do that. Or feel free to pull the XML out of SVN and start
> working on it. :)

I just looked at it and PEP and some other XEPs and there are some
things I do not like. Maybe these XEPs need a small update for this:

1. PEP says the last_item should only be sent if the priority is not
   negative. But all bots have a negative priority and will never get
   the updates. Maybe an extra config option for PubSub/PEP: also send
   to negative priority?

2. I like the fact that I get a notification when I start my client
   when there is a new item (if it is configured that way). But I also
   want to be notified when something was deleted (certificate
   revoked). What I would like to have is that I get a notification
   from the server that "something has changed since I was last
   online" so I can get the whole tree of certificates.

Maybe move that discussion to the pubsub list? /me needs to subscribe
to that list, too :)

And something else: I also added a note in my XEP proposal about the
TLS verification: how keys should look. XEP-0189 now uses xmldsig,
which IMHO is very complicated. People know how keys look in PEM
format. Maybe just use this?

"I get to go to lots of overseas places, like Canada." - Britney Spears