[Security] S2S Leap of faith w/ SASL EXTERNAL

Kim Alvefur zash at zash.se
Wed Nov 17 21:29:16 CST 2010


On Wed, 2010-11-17 at 19:35 -0700, Peter Saint-Andre wrote:
> How would the pinning work?

What I described is pretty much "TOFU", except you wait until at least
one successful dialback is made.

> Do you foresee that an admin would need to approve the pinning for
> server-to-server connections?

The point would be to not require this, but a manual mode is of course
very nice to have, and should probably come first.

The "auto mode" should probably be disabled by default and reserved for
those who don't trust CAs for some reason but still don't think
they'll get MITM'ed on the first s2s connection.

> Another thought: use server buddy lists and check with domains you
> trust to see if they know the cert for that server.

That indeed allows for some really cool stuff, but it's a bit in the
future (does any server do XEP-0267 yet?) along with DNSSEC :(

-- 
Kim Alvefur <zash at zash.se>
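An added example (not code from this thread, nor from any XMPP server) of the pin store the mail sketches: a remote domain's certificate fingerprint is recorded only after that domain has completed at least one successful dialback, either automatically ("auto mode", off by default) or after an admin approves it ("manual mode"), and SASL EXTERNAL is accepted on the strength of the pin alone only when a later connection presents the same certificate. The class and method names, the SHA-256 fingerprint, and the placeholder certificate bytes are assumptions made for the example.

```python
"""TOFU pinning of s2s certificates, gated on a successful dialback.

Constructed example: the certificates below are placeholder bytes, not
real DER, and the API is invented for illustration.
"""
import hashlib
from typing import Dict, Tuple


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the (DER) certificate is what gets pinned (assumed choice)."""
    return hashlib.sha256(cert_der).hexdigest()


class S2SPinStore:
    """Per-domain certificate pins.

    auto_pin=False is the manual mode: a candidate pin is parked in
    ``pending`` until an admin approves it.  auto_pin=True is the auto
    mode the mail says should be off by default.
    """

    def __init__(self, auto_pin: bool = False) -> None:
        self.auto_pin = auto_pin
        self.pins: Dict[str, str] = {}      # domain -> trusted fingerprint
        self.pending: Dict[str, str] = {}   # domain -> fingerprint awaiting approval

    def check(self, domain: str, cert_der: bytes, dialback_ok: bool) -> Tuple[str, bool]:
        """Evaluate the certificate a remote domain presented on this connection.

        dialback_ok says whether dialback has already succeeded for this
        domain on this connection.  Returns (verdict, accept_external):
        accept_external is True only when the cert matches an existing pin,
        i.e. SASL EXTERNAL may be accepted without a CA or dialback.
        """
        fp = fingerprint(cert_der)
        pinned = self.pins.get(domain)
        if pinned is not None:
            if pinned == fp:
                return "match", True
            # A different cert after pinning is exactly what TOFU exists to
            # catch; refuse and leave it to an admin to re-pin deliberately.
            return "mismatch", False
        if not dialback_ok:
            # Never pin a cert that has not been backed by a successful dialback.
            return "unpinned", False
        if self.auto_pin:
            self.pins[domain] = fp
            return "pinned", False      # this session was authenticated by dialback
        self.pending[domain] = fp
        return "pending", False

    def approve(self, domain: str) -> bool:
        """Admin action for manual mode: promote a pending pin to trusted."""
        fp = self.pending.pop(domain, None)
        if fp is None:
            return False
        self.pins[domain] = fp
        return True

    def reject(self, domain: str) -> bool:
        """Admin action for manual mode: discard a pending pin."""
        return self.pending.pop(domain, None) is not None


def demo() -> Dict[str, Tuple[str, bool]]:
    """Walk both modes through first contact, re-contact and a swapped cert."""
    cert_a = b"constructed placeholder DER for example.org, key 1"
    cert_b = b"constructed placeholder DER for example.org, key 2"
    manual = S2SPinStore(auto_pin=False)
    auto = S2SPinStore(auto_pin=True)
    out: Dict[str, Tuple[str, bool]] = {}

    # Manual mode: first contact after dialback only queues the pin ...
    out["manual_first"] = manual.check("example.org", cert_a, dialback_ok=True)
    manual.approve("example.org")
    # ... once approved, the same cert is enough for SASL EXTERNAL.
    out["manual_second"] = manual.check("example.org", cert_a, dialback_ok=False)

    # Auto mode: no dialback yet, so nothing is pinned ...
    out["auto_no_dialback"] = auto.check("example.org", cert_a, dialback_ok=False)
    # ... after dialback the cert is pinned without admin involvement ...
    out["auto_first"] = auto.check("example.org", cert_a, dialback_ok=True)
    # ... and a later connection with a different cert is refused even if
    # dialback passes (dialback alone cannot tell rotation from an attacker
    # who also controls DNS).
    out["auto_swapped"] = auto.check("example.org", cert_b, dialback_ok=True)
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:18} -> {result}")
```

The pin is keyed on the domain that completed dialback, so "at least one successful dialback" is a precondition for writing a pin, not something re-checked against the pin afterwards; the risk the mail accepts is that the very first dialback could itself be MITM'ed, which is why auto mode stays off unless an admin explicitly prefers that over trusting CAs.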