[Security] Perspectives: Improving SSH-style Host Authentication with Multi-Path Probing

Peter Saint-Andre stpeter at stpeter.im
Wed Sep 3 21:13:33 CDT 2008


Pavel Simerda wrote:
> On Sun, 31 Aug 2008 20:47:47 +0200
> Dirk Meyer <dmeyer at tzi.de> wrote:
>
> You should not need to watch deleted item. Certificates are revoked,
> not deleted, revocation could be just easily announced as a new item.

I think revocation belongs in OCSP, no? Or is this user revocation of a 
client cert?

>> And something else I also added a note in my XEP proposal about the
>> TLS verification: how should keys look like. XEP-0189 now uses xmldsig
>> which IMHO is very complicated. People now how a keys look in PEM
>> format. Maybe just use this?

Please! I haven't gotten around to fixing XEP-0189 along those lines, so 
feel free to do so now that you have SVN access. :)

/psa
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6751 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/security/attachments/20080903/2bcdbd70/attachment.bin 


More information about the Security mailing list