[Security] S2S Leap of faith w/ SASL EXTERNAL
mwild1 at gmail.com
Thu Nov 18 17:22:54 CST 2010
On 18 November 2010 23:07, David Banes <david at banes.org> wrote:
> Cisco should sponsor/host it...

A lonely picture of Dave hanging on some wall in the Cisco offices? I
can see it now...

The problem I see with this is - when the admin changes the certs
(e.g. they expire) - what next? We just blindly trust the new certs
after dialback? Isn't there a risk that the MITM comes along, offers a
new cert, and intercepts the dialback verifications and acks them?

In SSH at least you get notified (quite loudly) that the server
fingerprint has changed.
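
Added example, not part of the original message or of any XMPP server's code: a minimal leap-of-faith pin store that treats a changed certificate the way SSH treats a changed host key, so a successful dialback cannot silently replace an existing pin. The class, method and domain names and the certificate bytes are hypothetical and constructed for illustration.

```python
import hashlib
from enum import Enum


class Decision(Enum):
    PINNED_FIRST_USE = "pinned on first use"
    MATCH = "certificate matches pin"
    CHANGED = "certificate changed: hold for admin review"


class PinStore:
    """Leap-of-faith pins for S2S peers, keyed by domain (hypothetical helper)."""

    def __init__(self):
        self._pins = {}  # lower-cased domain -> SHA-256 hex digest of DER cert

    @staticmethod
    def fingerprint(cert_der: bytes) -> str:
        return hashlib.sha256(cert_der).hexdigest()

    def check(self, domain: str, cert_der: bytes, dialback_ok: bool) -> Decision:
        domain = domain.lower()
        fp = self.fingerprint(cert_der)
        pinned = self._pins.get(domain)
        if pinned is None:
            # First contact: dialback is the only evidence available.
            if not dialback_ok:
                raise ValueError(f"dialback failed for {domain}; nothing pinned")
            self._pins[domain] = fp
            return Decision.PINNED_FIRST_USE
        if pinned == fp:
            return Decision.MATCH
        # Pin mismatch: dialback_ok is deliberately ignored here, because
        # dialback runs over the same network path a MITM would control.
        return Decision.CHANGED

    def accept_change(self, domain: str, cert_der: bytes) -> None:
        """Re-pin after an admin has confirmed the new cert out of band."""
        self._pins[domain.lower()] = self.fingerprint(cert_der)


# Constructed stand-ins for DER-encoded certificates.
OLD_CERT = b"constructed-cert-before-rotation"
NEW_CERT = b"constructed-cert-after-rotation"
```

Whether a CHANGED result drops the stream or only raises an alert is a policy choice; the point is that it is surfaced rather than re-pinned automatically.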